@noble/curves
Advanced tools
Comparing version 1.4.0 to 1.4.1
import { randomBytes } from '@noble/hashes/utils'; | ||
import { CHash } from './abstract/utils.js'; | ||
import { CurveType } from './abstract/weierstrass.js'; | ||
import { CHash } from './abstract/utils.js'; | ||
export declare function getHash(hash: CHash): { | ||
@@ -12,3 +12,3 @@ hash: CHash; | ||
create: (hash: CHash) => import("./abstract/weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
CURVE: ReturnType<(curve: CurveType) => Readonly<{ | ||
readonly nBitLength: number; | ||
@@ -19,10 +19,10 @@ readonly nByteLength: number; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly b: bigint; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: { | ||
@@ -36,3 +36,3 @@ beta: bigint; | ||
}; | ||
} | undefined; | ||
}; | ||
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined; | ||
@@ -42,15 +42,15 @@ readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
lowS: boolean; | ||
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int?: (bytes: Uint8Array) => bigint; | ||
readonly bits2int_modN?: (bytes: Uint8Array) => bigint; | ||
readonly p: bigint; | ||
}>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
}>>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
verify: (signature: import("./abstract/utils.js").Hex | { | ||
r: bigint; | ||
s: bigint; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts) => boolean; | ||
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>; | ||
@@ -62,3 +62,3 @@ Signature: import("./abstract/weierstrass.js").SignatureConstructor; | ||
randomPrivateKey: () => Uint8Array; | ||
precompute: (windowSize?: number | undefined, point?: import("./abstract/weierstrass.js").ProjPointType<bigint> | undefined) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
precompute: (windowSize?: number, point?: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
}; | ||
@@ -65,0 +65,0 @@ }>; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.createCurve = exports.getHash = void 0; | ||
exports.getHash = getHash; | ||
exports.createCurve = createCurve; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -16,3 +17,2 @@ const hmac_1 = require("@noble/hashes/hmac"); | ||
} | ||
exports.getHash = getHash; | ||
function createCurve(curveDef, defHash) { | ||
@@ -22,3 +22,2 @@ const create = (hash) => (0, weierstrass_js_1.weierstrass)({ ...curveDef, ...getHash(hash) }); | ||
} | ||
exports.createCurve = createCurve; | ||
//# sourceMappingURL=_shortw_utils.js.map |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { AffinePoint } from './curve.js'; | ||
import { IField } from './modular.js'; | ||
import { Hex, PrivKey, CHash } from './utils.js'; | ||
import { MapToCurve, Opts as HTFOpts, htfBasicOpts, createHasher } from './hash-to-curve.js'; | ||
import { CurvePointsType, ProjPointType as ProjPointType, CurvePointsRes } from './weierstrass.js'; | ||
/** | ||
@@ -13,8 +18,3 @@ * BLS (Barreto-Lynn-Scott) family of pairing-friendly curves. | ||
* Some projects may prefer to swap this relation, it is not supported for now. | ||
*/ | ||
import { AffinePoint } from './curve.js'; | ||
import { IField } from './modular.js'; | ||
import { Hex, PrivKey, CHash } from './utils.js'; | ||
import { MapToCurve, Opts as HTFOpts, htfBasicOpts, createHasher } from './hash-to-curve.js'; | ||
import { CurvePointsType, ProjPointType as ProjPointType, CurvePointsRes } from './weierstrass.js'; | ||
**/ | ||
type Fp = bigint; | ||
@@ -31,2 +31,16 @@ export type ShortSignatureCoder<Fp> = { | ||
}; | ||
type Fp2Bls<Fp, Fp2> = IField<Fp2> & { | ||
reim: (num: Fp2) => { | ||
re: Fp; | ||
im: Fp; | ||
}; | ||
multiplyByB: (num: Fp2) => Fp2; | ||
frobeniusMap(num: Fp2, power: number): Fp2; | ||
}; | ||
type Fp12Bls<Fp2, Fp12> = IField<Fp12> & { | ||
frobeniusMap(num: Fp12, power: number): Fp12; | ||
multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12; | ||
conjugate(num: Fp12): Fp12; | ||
finalExponentiate(num: Fp12): Fp12; | ||
}; | ||
export type CurveType<Fp, Fp2, Fp6, Fp12> = { | ||
@@ -46,17 +60,5 @@ G1: Omit<CurvePointsType<Fp>, 'n'> & { | ||
Fr: IField<bigint>; | ||
Fp2: IField<Fp2> & { | ||
reim: (num: Fp2) => { | ||
re: bigint; | ||
im: bigint; | ||
}; | ||
multiplyByB: (num: Fp2) => Fp2; | ||
frobeniusMap(num: Fp2, power: number): Fp2; | ||
}; | ||
Fp2: Fp2Bls<Fp, Fp2>; | ||
Fp6: IField<Fp6>; | ||
Fp12: IField<Fp12> & { | ||
frobeniusMap(num: Fp12, power: number): Fp12; | ||
multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12; | ||
conjugate(num: Fp12): Fp12; | ||
finalExponentiate(num: Fp12): Fp12; | ||
}; | ||
Fp12: Fp12Bls<Fp2, Fp12>; | ||
}; | ||
@@ -111,5 +113,5 @@ params: { | ||
Fp: IField<Fp>; | ||
Fp2: IField<Fp2>; | ||
Fp2: Fp2Bls<Fp, Fp2>; | ||
Fp6: IField<Fp6>; | ||
Fp12: IField<Fp12>; | ||
Fp12: Fp12Bls<Fp2, Fp12>; | ||
Fr: IField<bigint>; | ||
@@ -116,0 +118,0 @@ }; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.bls = void 0; | ||
exports.bls = bls; | ||
const modular_js_1 = require("./modular.js"); | ||
@@ -288,3 +288,2 @@ const utils_js_1 = require("./utils.js"); | ||
} | ||
exports.bls = bls; | ||
//# sourceMappingURL=bls.js.map |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.validateBasic = exports.wNAF = void 0; | ||
exports.wNAF = wNAF; | ||
exports.validateBasic = validateBasic; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -141,3 +142,2 @@ // Abelian group utilities | ||
} | ||
exports.wNAF = wNAF; | ||
function validateBasic(curve) { | ||
@@ -161,3 +161,2 @@ (0, modular_js_1.validateField)(curve.Fp); | ||
} | ||
exports.validateBasic = validateBasic; | ||
//# sourceMappingURL=curve.js.map |
@@ -1,4 +0,4 @@ | ||
import * as ut from './utils.js'; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { AffinePoint, BasicCurve, Group, GroupConstructor } from './curve.js'; | ||
import { FHash, Hex } from './utils.js'; | ||
import { Group, GroupConstructor, BasicCurve, AffinePoint } from './curve.js'; | ||
export type CurveType = BasicCurve<bigint> & { | ||
@@ -24,18 +24,18 @@ a: bigint; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly d: bigint; | ||
readonly hash: ut.FHash; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly adjustScalarBytes?: ((bytes: Uint8Array) => Uint8Array) | undefined; | ||
readonly domain?: ((data: Uint8Array, ctx: Uint8Array, phflag: boolean) => Uint8Array) | undefined; | ||
readonly uvRatio?: ((u: bigint, v: bigint) => { | ||
readonly hash: FHash; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
readonly adjustScalarBytes?: (bytes: Uint8Array) => Uint8Array; | ||
readonly domain?: (data: Uint8Array, ctx: Uint8Array, phflag: boolean) => Uint8Array; | ||
readonly uvRatio?: (u: bigint, v: bigint) => { | ||
isValid: boolean; | ||
value: bigint; | ||
}) | undefined; | ||
readonly prehash?: ut.FHash | undefined; | ||
readonly mapToCurve?: ((scalar: bigint[]) => AffinePoint<bigint>) | undefined; | ||
}; | ||
readonly prehash?: FHash; | ||
readonly mapToCurve?: (scalar: bigint[]) => AffinePoint<bigint>; | ||
readonly p: bigint; | ||
@@ -42,0 +42,0 @@ }>; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.twistedEdwards = void 0; | ||
exports.twistedEdwards = twistedEdwards; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y² | ||
const curve_js_1 = require("./curve.js"); | ||
const modular_js_1 = require("./modular.js"); | ||
const ut = require("./utils.js"); | ||
const utils_js_1 = require("./utils.js"); | ||
const curve_js_1 = require("./curve.js"); | ||
// Be friendly to bad ECMAScript parsers by not using bigint literals | ||
@@ -75,2 +75,8 @@ // prettier-ignore | ||
class Point { | ||
ex; | ||
ey; | ||
ez; | ||
et; | ||
static BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy)); | ||
static ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0 | ||
constructor(ex, ey, ez, et) { | ||
@@ -108,2 +114,6 @@ this.ex = ex; | ||
} | ||
// We calculate precomputes for elliptic curve point multiplication | ||
// using windowed method. This specifies window size and | ||
// stores precomputed values. Usually only base point would be precomputed. | ||
_WINDOW_SIZE; | ||
// "Private method", don't use it directly | ||
@@ -329,4 +339,2 @@ _setWindowSize(windowSize) { | ||
} | ||
Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy)); | ||
Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0 | ||
const { BASE: G, ZERO: I } = Point; | ||
@@ -431,3 +439,2 @@ const wnaf = (0, curve_js_1.wNAF)(Point, nByteLength * 8); | ||
} | ||
exports.twistedEdwards = twistedEdwards; | ||
//# sourceMappingURL=edwards.js.map |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import type { Group, GroupConstructor, AffinePoint } from './curve.js'; | ||
import type { AffinePoint, Group, GroupConstructor } from './curve.js'; | ||
import { IField } from './modular.js'; | ||
@@ -55,4 +55,5 @@ import type { CHash } from './utils.js'; | ||
encodeToCurve(msg: Uint8Array, options?: htfBasicOpts): H2CPoint<T>; | ||
mapToCurve(scalars: bigint[]): H2CPoint<T>; | ||
}; | ||
export {}; | ||
//# sourceMappingURL=hash-to-curve.d.ts.map |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.createHasher = exports.isogenyMap = exports.hash_to_field = exports.expand_message_xof = exports.expand_message_xmd = void 0; | ||
exports.expand_message_xmd = expand_message_xmd; | ||
exports.expand_message_xof = expand_message_xof; | ||
exports.hash_to_field = hash_to_field; | ||
exports.isogenyMap = isogenyMap; | ||
exports.createHasher = createHasher; | ||
const modular_js_1 = require("./modular.js"); | ||
@@ -57,3 +61,2 @@ const utils_js_1 = require("./utils.js"); | ||
} | ||
exports.expand_message_xmd = expand_message_xmd; | ||
// Produces a uniformly random byte string using an extendable-output function (XOF) H. | ||
@@ -84,3 +87,2 @@ // 1. The collision resistance of H MUST be at least k bits. | ||
} | ||
exports.expand_message_xof = expand_message_xof; | ||
/** | ||
@@ -135,3 +137,2 @@ * Hashes arbitrary-length byte strings to a list of one or more elements of a finite field F | ||
} | ||
exports.hash_to_field = hash_to_field; | ||
function isogenyMap(field, map) { | ||
@@ -147,3 +148,2 @@ // Make same order as in spec | ||
} | ||
exports.isogenyMap = isogenyMap; | ||
function createHasher(Point, mapToCurve, def) { | ||
@@ -171,5 +171,15 @@ if (typeof mapToCurve !== 'function') | ||
}, | ||
// Same as encodeToCurve, but without hash | ||
mapToCurve(scalars) { | ||
if (!Array.isArray(scalars)) | ||
throw new Error('mapToCurve: expected array of bigints'); | ||
for (const i of scalars) | ||
if (typeof i !== 'bigint') | ||
throw new Error(`mapToCurve: expected array of bigints, got ${i} in array`); | ||
const P = Point.fromAffine(mapToCurve(scalars)).clearCofactor(); | ||
P.assertValidity(); | ||
return P; | ||
}, | ||
}; | ||
} | ||
exports.createHasher = createHasher; | ||
//# sourceMappingURL=hash-to-curve.js.map |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.mapHashToField = exports.getMinHashLength = exports.getFieldBytesLength = exports.hashToPrivateScalar = exports.FpSqrtEven = exports.FpSqrtOdd = exports.Field = exports.nLength = exports.FpIsSquare = exports.FpDiv = exports.FpInvertBatch = exports.FpPow = exports.validateField = exports.isNegativeLE = exports.FpSqrt = exports.tonelliShanks = exports.invert = exports.pow2 = exports.pow = exports.mod = void 0; | ||
exports.isNegativeLE = void 0; | ||
exports.mod = mod; | ||
exports.pow = pow; | ||
exports.pow2 = pow2; | ||
exports.invert = invert; | ||
exports.tonelliShanks = tonelliShanks; | ||
exports.FpSqrt = FpSqrt; | ||
exports.validateField = validateField; | ||
exports.FpPow = FpPow; | ||
exports.FpInvertBatch = FpInvertBatch; | ||
exports.FpDiv = FpDiv; | ||
exports.FpIsSquare = FpIsSquare; | ||
exports.nLength = nLength; | ||
exports.Field = Field; | ||
exports.FpSqrtOdd = FpSqrtOdd; | ||
exports.FpSqrtEven = FpSqrtEven; | ||
exports.hashToPrivateScalar = hashToPrivateScalar; | ||
exports.getFieldBytesLength = getFieldBytesLength; | ||
exports.getMinHashLength = getMinHashLength; | ||
exports.mapHashToField = mapHashToField; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -18,3 +37,2 @@ // Utilities for modular arithmetics and finite fields | ||
} | ||
exports.mod = mod; | ||
/** | ||
@@ -41,3 +59,2 @@ * Efficiently raise num to power and do modular division. | ||
} | ||
exports.pow = pow; | ||
// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4) | ||
@@ -52,3 +69,2 @@ function pow2(x, power, modulo) { | ||
} | ||
exports.pow2 = pow2; | ||
// Inverses number over modulo | ||
@@ -79,3 +95,2 @@ function invert(number, modulo) { | ||
} | ||
exports.invert = invert; | ||
/** | ||
@@ -145,3 +160,2 @@ * Tonelli-Shanks square root search algorithm. | ||
} | ||
exports.tonelliShanks = tonelliShanks; | ||
function FpSqrt(P) { | ||
@@ -205,3 +219,2 @@ // NOTE: different algorithms can give different roots, it is up to user to decide which one they want. | ||
} | ||
exports.FpSqrt = FpSqrt; | ||
// Little-endian check for first LE bit (last BE bit); | ||
@@ -229,3 +242,2 @@ const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n; | ||
} | ||
exports.validateField = validateField; | ||
// Generic field functions | ||
@@ -255,3 +267,2 @@ /** | ||
} | ||
exports.FpPow = FpPow; | ||
/** | ||
@@ -281,7 +292,5 @@ * Efficiently invert an array of Field elements. | ||
} | ||
exports.FpInvertBatch = FpInvertBatch; | ||
function FpDiv(f, lhs, rhs) { | ||
return f.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, f.ORDER) : f.inv(rhs)); | ||
} | ||
exports.FpDiv = FpDiv; | ||
// This function returns True whenever the value x is a square in the field F. | ||
@@ -295,3 +304,2 @@ function FpIsSquare(f) { | ||
} | ||
exports.FpIsSquare = FpIsSquare; | ||
// CURVE.n lengths | ||
@@ -304,3 +312,2 @@ function nLength(n, nBitLength) { | ||
} | ||
exports.nLength = nLength; | ||
/** | ||
@@ -368,3 +375,2 @@ * Initializes a finite field over prime. **Non-primes are not supported.** | ||
} | ||
exports.Field = Field; | ||
function FpSqrtOdd(Fp, elm) { | ||
@@ -376,3 +382,2 @@ if (!Fp.isOdd) | ||
} | ||
exports.FpSqrtOdd = FpSqrtOdd; | ||
function FpSqrtEven(Fp, elm) { | ||
@@ -384,3 +389,2 @@ if (!Fp.isOdd) | ||
} | ||
exports.FpSqrtEven = FpSqrtEven; | ||
/** | ||
@@ -401,3 +405,2 @@ * "Constant-time" private key generation utility. | ||
} | ||
exports.hashToPrivateScalar = hashToPrivateScalar; | ||
/** | ||
@@ -415,3 +418,2 @@ * Returns total number of bytes consumed by the field element. | ||
} | ||
exports.getFieldBytesLength = getFieldBytesLength; | ||
/** | ||
@@ -428,3 +430,2 @@ * Returns minimal amount of bytes that can be safely reduced | ||
} | ||
exports.getMinHashLength = getMinHashLength; | ||
/** | ||
@@ -455,3 +456,2 @@ * "Constant-time" private key generation utility. | ||
} | ||
exports.mapHashToField = mapHashToField; | ||
//# sourceMappingURL=modular.js.map |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.montgomery = void 0; | ||
exports.montgomery = montgomery; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -158,3 +158,2 @@ const modular_js_1 = require("./modular.js"); | ||
} | ||
exports.montgomery = montgomery; | ||
//# sourceMappingURL=montgomery.js.map |
@@ -22,4 +22,4 @@ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
roundsPartial: number; | ||
sboxPower?: number | undefined; | ||
reversePartialPowIdx?: boolean | undefined; | ||
sboxPower?: number; | ||
reversePartialPowIdx?: boolean; | ||
}>; | ||
@@ -26,0 +26,0 @@ export declare function splitConstants(rc: bigint[], t: number): bigint[][]; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.poseidon = exports.splitConstants = exports.validateOpts = void 0; | ||
exports.validateOpts = validateOpts; | ||
exports.splitConstants = splitConstants; | ||
exports.poseidon = poseidon; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -54,3 +56,2 @@ // Poseidon Hash: https://eprint.iacr.org/2019/458.pdf, https://www.poseidon-hash.info | ||
} | ||
exports.validateOpts = validateOpts; | ||
function splitConstants(rc, t) { | ||
@@ -72,3 +73,2 @@ if (typeof t !== 'number') | ||
} | ||
exports.splitConstants = splitConstants; | ||
function poseidon(opts) { | ||
@@ -115,3 +115,2 @@ const _opts = validateOpts(opts); | ||
} | ||
exports.poseidon = poseidon; | ||
//# sourceMappingURL=poseidon.js.map |
@@ -78,9 +78,9 @@ export type Hex = Uint8Array | string; | ||
declare const validatorFns: { | ||
readonly bigint: (val: any) => boolean; | ||
readonly bigint: (val: any) => val is bigint; | ||
readonly function: (val: any) => boolean; | ||
readonly boolean: (val: any) => boolean; | ||
readonly string: (val: any) => boolean; | ||
readonly stringOrUint8Array: (val: any) => boolean; | ||
readonly boolean: (val: any) => val is boolean; | ||
readonly string: (val: any) => val is string; | ||
readonly stringOrUint8Array: (val: any) => val is string | Uint8Array; | ||
readonly isSafeInteger: (val: any) => boolean; | ||
readonly array: (val: any) => boolean; | ||
readonly array: (val: any) => val is any[]; | ||
readonly field: (val: any, object: any) => any; | ||
@@ -87,0 +87,0 @@ readonly hash: (val: any) => boolean; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.validateObject = exports.createHmacDrbg = exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.utf8ToBytes = exports.equalBytes = exports.concatBytes = exports.ensureBytes = exports.numberToVarBytesBE = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = exports.abytes = exports.isBytes = void 0; | ||
exports.bitMask = void 0; | ||
exports.isBytes = isBytes; | ||
exports.abytes = abytes; | ||
exports.bytesToHex = bytesToHex; | ||
exports.numberToHexUnpadded = numberToHexUnpadded; | ||
exports.hexToNumber = hexToNumber; | ||
exports.hexToBytes = hexToBytes; | ||
exports.bytesToNumberBE = bytesToNumberBE; | ||
exports.bytesToNumberLE = bytesToNumberLE; | ||
exports.numberToBytesBE = numberToBytesBE; | ||
exports.numberToBytesLE = numberToBytesLE; | ||
exports.numberToVarBytesBE = numberToVarBytesBE; | ||
exports.ensureBytes = ensureBytes; | ||
exports.concatBytes = concatBytes; | ||
exports.equalBytes = equalBytes; | ||
exports.utf8ToBytes = utf8ToBytes; | ||
exports.bitLen = bitLen; | ||
exports.bitGet = bitGet; | ||
exports.bitSet = bitSet; | ||
exports.createHmacDrbg = createHmacDrbg; | ||
exports.validateObject = validateObject; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -9,5 +29,5 @@ // 100 lines of code in the file are duplicated from noble-hashes (utils). | ||
// won't be included into their bundle. | ||
const _0n = BigInt(0); | ||
const _1n = BigInt(1); | ||
const _2n = BigInt(2); | ||
const _0n = /* @__PURE__ */ BigInt(0); | ||
const _1n = /* @__PURE__ */ BigInt(1); | ||
const _2n = /* @__PURE__ */ BigInt(2); | ||
function isBytes(a) { | ||
@@ -17,3 +37,2 @@ return (a instanceof Uint8Array || | ||
} | ||
exports.isBytes = isBytes; | ||
function abytes(item) { | ||
@@ -23,3 +42,2 @@ if (!isBytes(item)) | ||
} | ||
exports.abytes = abytes; | ||
// Array where index 0xf0 (240) is mapped to string 'f0' | ||
@@ -39,3 +57,2 @@ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0')); | ||
} | ||
exports.bytesToHex = bytesToHex; | ||
function numberToHexUnpadded(num) { | ||
@@ -45,3 +62,2 @@ const hex = num.toString(16); | ||
} | ||
exports.numberToHexUnpadded = numberToHexUnpadded; | ||
function hexToNumber(hex) { | ||
@@ -53,3 +69,2 @@ if (typeof hex !== 'string') | ||
} | ||
exports.hexToNumber = hexToNumber; | ||
// We use optimized technique to convert hex string to byte array | ||
@@ -88,3 +103,2 @@ const asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 }; | ||
} | ||
exports.hexToBytes = hexToBytes; | ||
// BE: Big Endian, LE: Little Endian | ||
@@ -94,3 +108,2 @@ function bytesToNumberBE(bytes) { | ||
} | ||
exports.bytesToNumberBE = bytesToNumberBE; | ||
function bytesToNumberLE(bytes) { | ||
@@ -100,11 +113,8 @@ abytes(bytes); | ||
} | ||
exports.bytesToNumberLE = bytesToNumberLE; | ||
function numberToBytesBE(n, len) { | ||
return hexToBytes(n.toString(16).padStart(len * 2, '0')); | ||
} | ||
exports.numberToBytesBE = numberToBytesBE; | ||
function numberToBytesLE(n, len) { | ||
return numberToBytesBE(n, len).reverse(); | ||
} | ||
exports.numberToBytesLE = numberToBytesLE; | ||
// Unpadded, rarely used | ||
@@ -114,3 +124,2 @@ function numberToVarBytesBE(n) { | ||
} | ||
exports.numberToVarBytesBE = numberToVarBytesBE; | ||
/** | ||
@@ -148,3 +157,2 @@ * Takes hex string or Uint8Array, converts to Uint8Array. | ||
} | ||
exports.ensureBytes = ensureBytes; | ||
/** | ||
@@ -168,3 +176,2 @@ * Copies several Uint8Arrays into one. | ||
} | ||
exports.concatBytes = concatBytes; | ||
// Compares 2 u8a-s in kinda constant time | ||
@@ -179,3 +186,2 @@ function equalBytes(a, b) { | ||
} | ||
exports.equalBytes = equalBytes; | ||
/** | ||
@@ -189,3 +195,2 @@ * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99]) | ||
} | ||
exports.utf8ToBytes = utf8ToBytes; | ||
// Bit operations | ||
@@ -202,3 +207,2 @@ /** | ||
} | ||
exports.bitLen = bitLen; | ||
/** | ||
@@ -212,3 +216,2 @@ * Gets single bit at position. | ||
} | ||
exports.bitGet = bitGet; | ||
/** | ||
@@ -220,3 +223,2 @@ * Sets single bit at position. | ||
} | ||
exports.bitSet = bitSet; | ||
/** | ||
@@ -289,3 +291,2 @@ * Calculate mask for N bits. Not using ** operator with bigints because of old engines. | ||
} | ||
exports.createHmacDrbg = createHmacDrbg; | ||
// Validating curves and fields | ||
@@ -322,3 +323,2 @@ const validatorFns = { | ||
} | ||
exports.validateObject = validateObject; | ||
// validate type tests | ||
@@ -325,0 +325,0 @@ // const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 }; |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { AffinePoint, BasicCurve, Group, GroupConstructor } from './curve.js'; | ||
import * as mod from './modular.js'; | ||
import * as ut from './utils.js'; | ||
import { CHash, Hex, PrivKey } from './utils.js'; | ||
import { Group, GroupConstructor, BasicCurve, AffinePoint } from './curve.js'; | ||
export type { AffinePoint }; | ||
@@ -92,11 +91,11 @@ type HmacFnSync = (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: T; | ||
readonly Gy: T; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: T; | ||
readonly b: T; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly endo?: EndomorphismOpts | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: EndomorphismOpts; | ||
readonly isTorsionFree?: ((c: ProjConstructor<T>, point: ProjPointType<T>) => boolean) | undefined; | ||
@@ -120,3 +119,4 @@ readonly clearCofactor?: ((c: ProjConstructor<T>, point: ProjPointType<T>) => ProjPointType<T>) | undefined; | ||
message: string; | ||
stack?: string | undefined; | ||
stack?: string; | ||
cause?: unknown; | ||
}; | ||
@@ -179,19 +179,19 @@ }; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly b: bigint; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly endo?: EndomorphismOpts | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: EndomorphismOpts; | ||
readonly isTorsionFree?: ((c: ProjConstructor<bigint>, point: ProjPointType<bigint>) => boolean) | undefined; | ||
readonly clearCofactor?: ((c: ProjConstructor<bigint>, point: ProjPointType<bigint>) => ProjPointType<bigint>) | undefined; | ||
readonly hash: ut.CHash; | ||
readonly hash: CHash; | ||
readonly hmac: HmacFnSync; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
lowS: boolean; | ||
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int?: (bytes: Uint8Array) => bigint; | ||
readonly bits2int_modN?: (bytes: Uint8Array) => bigint; | ||
readonly p: bigint; | ||
@@ -198,0 +198,0 @@ }>; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.mapToCurveSimpleSWU = exports.SWUFpSqrtRatio = exports.weierstrass = exports.weierstrassPoints = exports.DER = void 0; | ||
exports.DER = void 0; | ||
exports.weierstrassPoints = weierstrassPoints; | ||
exports.weierstrass = weierstrass; | ||
exports.SWUFpSqrtRatio = SWUFpSqrtRatio; | ||
exports.mapToCurveSimpleSWU = mapToCurveSimpleSWU; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Short Weierstrass curve. The formula is: y² = x³ + ax + b | ||
const curve_js_1 = require("./curve.js"); | ||
const mod = require("./modular.js"); | ||
const ut = require("./utils.js"); | ||
const utils_js_1 = require("./utils.js"); | ||
const curve_js_1 = require("./curve.js"); | ||
function validatePointOpts(curve) { | ||
@@ -178,2 +182,7 @@ const opts = (0, curve_js_1.validateBasic)(curve); | ||
class Point { | ||
px; | ||
py; | ||
pz; | ||
static BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE); | ||
static ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); | ||
constructor(px, py, pz) { | ||
@@ -233,2 +242,6 @@ this.px = px; | ||
} | ||
// We calculate precomputes for elliptic curve point multiplication | ||
// using windowed method. This specifies window size and | ||
// stores precomputed values. Usually only base point would be precomputed. | ||
_WINDOW_SIZE; | ||
// "Private method", don't use it directly | ||
@@ -515,4 +528,2 @@ _setWindowSize(windowSize) { | ||
} | ||
Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE); | ||
Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); | ||
const _bits = CURVE.nBitLength; | ||
@@ -529,3 +540,2 @@ const wnaf = (0, curve_js_1.wNAF)(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits); | ||
} | ||
exports.weierstrassPoints = weierstrassPoints; | ||
function validateOpts(curve) { | ||
@@ -620,2 +630,5 @@ const opts = (0, curve_js_1.validateBasic)(curve); | ||
class Signature { | ||
r; | ||
s; | ||
recovery; | ||
constructor(r, s, recovery) { | ||
@@ -949,3 +962,2 @@ this.r = r; | ||
} | ||
exports.weierstrass = weierstrass; | ||
/** | ||
@@ -1029,3 +1041,2 @@ * Implementation of the Shallue and van de Woestijne method for any weierstrass curve. | ||
} | ||
exports.SWUFpSqrtRatio = SWUFpSqrtRatio; | ||
/** | ||
@@ -1075,3 +1086,2 @@ * Simplified Shallue-van de Woestijne-Ulas Method | ||
} | ||
exports.mapToCurveSimpleSWU = mapToCurveSimpleSWU; | ||
//# sourceMappingURL=weierstrass.js.map |
@@ -1,2 +0,1 @@ | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { CurveFn } from './abstract/bls.js'; | ||
@@ -3,0 +2,0 @@ import * as mod from './abstract/modular.js'; |
"use strict"; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.bls12_381 = void 0; | ||
// bls12-381 is pairing-friendly Barreto-Lynn-Scott elliptic curve construction allowing to: | ||
// - Construct zk-SNARKs at the 120-bit security | ||
// - Efficiently verify N aggregate signatures with 1 pairing and N ec additions: | ||
// the Boneh-Lynn-Shacham signature scheme is orders of magnitude more efficient than Schnorr | ||
// | ||
// ### Summary | ||
// 1. BLS Relies on Bilinear Pairing (expensive) | ||
// 2. Private Keys: 32 bytes | ||
// 3. Public Keys: 48 bytes: 381 bit affine x coordinate, encoded into 48 big-endian bytes. | ||
// 4. Signatures: 96 bytes: two 381 bit integers (affine x coordinate), encoded into two 48 big-endian byte arrays. | ||
// - The signature is a point on the G2 subgroup, which is defined over a finite field | ||
// with elements twice as big as the G1 curve (G2 is over Fp2 rather than Fp. Fp2 is analogous to the complex numbers). | ||
// 5. The 12 stands for the Embedding degree. | ||
// | ||
// ### Formulas | ||
// - `P = pk x G` - public keys | ||
// - `S = pk x H(m)` - signing | ||
// - `e(P, H(m)) == e(G, S)` - verification using pairings | ||
// - `e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))` - signature aggregation | ||
// | ||
// ### Compatibility and notes | ||
// 1. It is compatible with Algorand, Chia, Dfinity, Ethereum, Filecoin, ZEC | ||
// Filecoin uses little endian byte arrays for private keys - make sure to reverse byte order. | ||
// 2. Some projects use G2 for public keys and G1 for signatures. It's called "short signature" | ||
// 3. Curve security level is about 120 bits as per Barbulescu-Duquesne 2017 | ||
// https://hal.science/hal-01534101/file/main.pdf | ||
// 4. Compatible with specs: | ||
// [cfrg-pairing-friendly-curves-11](https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-11), | ||
// [cfrg-bls-signature-05](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05), | ||
// [RFC 9380](https://www.rfc-editor.org/rfc/rfc9380). | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
@@ -41,4 +11,36 @@ const utils_1 = require("@noble/hashes/utils"); | ||
// Types | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
const weierstrass_js_1 = require("./abstract/weierstrass.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
/* | ||
bls12-381 is pairing-friendly Barreto-Lynn-Scott elliptic curve construction allowing to: | ||
- Construct zk-SNARKs at the 120-bit security | ||
- Efficiently verify N aggregate signatures with 1 pairing and N ec additions: | ||
the Boneh-Lynn-Shacham signature scheme is orders of magnitude more efficient than Schnorr | ||
### Summary | ||
1. BLS Relies on Bilinear Pairing (expensive) | ||
2. Private Keys: 32 bytes | ||
3. Public Keys: 48 bytes: 381 bit affine x coordinate, encoded into 48 big-endian bytes. | ||
4. Signatures: 96 bytes: two 381 bit integers (affine x coordinate), encoded into two 48 big-endian byte arrays. | ||
- The signature is a point on the G2 subgroup, which is defined over a finite field | ||
with elements twice as big as the G1 curve (G2 is over Fp2 rather than Fp. Fp2 is analogous to the complex numbers). | ||
5. The 12 stands for the Embedding degree. | ||
### Formulas | ||
- `P = pk x G` - public keys | ||
- `S = pk x H(m)` - signing | ||
- `e(P, H(m)) == e(G, S)` - verification using pairings | ||
- `e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))` - signature aggregation | ||
### Compatibility and notes | ||
1. It is compatible with Algorand, Chia, Dfinity, Ethereum, Filecoin, ZEC | ||
Filecoin uses little endian byte arrays for private keys - make sure to reverse byte order. | ||
2. Some projects use G2 for public keys and G1 for signatures. It's called "short signature" | ||
3. Curve security level is about 120 bits as per Barbulescu-Duquesne 2017 | ||
https://hal.science/hal-01534101/file/main.pdf | ||
4. Compatible with specs: | ||
[cfrg-pairing-friendly-curves-11](https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-11), | ||
[cfrg-bls-signature-05](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05), | ||
[RFC 9380](https://www.rfc-editor.org/rfc/rfc9380). | ||
*/ | ||
// Be friendly to bad ECMAScript parsers by not using bigint literals | ||
@@ -865,18 +867,18 @@ // prettier-ignore | ||
bytes = bytes.slice(); | ||
const mask = bytes[0] & 224; | ||
const mask = bytes[0] & 0b1110_0000; | ||
const compressed = !!((mask >> 7) & 1); // compression bit (0b1000_0000) | ||
const infinity = !!((mask >> 6) & 1); // point at infinity bit (0b0100_0000) | ||
const sort = !!((mask >> 5) & 1); // sort bit (0b0010_0000) | ||
bytes[0] &= 31; // clear mask (zero first 3 bits) | ||
bytes[0] &= 0b0001_1111; // clear mask (zero first 3 bits) | ||
return { compressed, infinity, sort, value: bytes }; | ||
} | ||
function setMask(bytes, mask) { | ||
if (bytes[0] & 224) | ||
if (bytes[0] & 0b1110_0000) | ||
throw new Error('setMask: non-empty mask'); | ||
if (mask.compressed) | ||
bytes[0] |= 128; | ||
bytes[0] |= 0b1000_0000; | ||
if (mask.infinity) | ||
bytes[0] |= 64; | ||
bytes[0] |= 0b0100_0000; | ||
if (mask.sort) | ||
bytes[0] |= 32; | ||
bytes[0] |= 0b0010_0000; | ||
return bytes; | ||
@@ -1125,3 +1127,3 @@ } | ||
) { | ||
throw new Error('Invalid encoding flag: ' + (bytes[0] & 224)); | ||
throw new Error('Invalid encoding flag: ' + (bytes[0] & 0b1110_0000)); | ||
} | ||
@@ -1128,0 +1130,0 @@ const L = Fp.BYTES; |
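Review bot: `parseMask` (its signature sits above this hunk) still has no length guard after the switch to binary literals: on an empty `Uint8Array`, `bytes[0] & 0b1110_0000` evaluates to 0 and the `bytes[0] &= 0b0001_1111` write is silently ignored by the typed array, so the function returns all-false flags and an empty `value` instead of failing. The callers appear to length-check the value afterwards (the `const L = Fp.BYTES` context line suggests this), so it is probably not reachable as a bug today, but a guard at the top of the function, `if (bytes.length === 0) throw new Error('parseMask: empty input');`, keeps the decoding failure local to the flag parser rather than depending on every caller. The identical hunk in the ESM build of this file below (`@@ -862,18 +864,18 @@`) has the same gap.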
@@ -6,5 +6,5 @@ "use strict"; | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
const weierstrass_js_1 = require("./abstract/weierstrass.js"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
const weierstrass_js_1 = require("./abstract/weierstrass.js"); | ||
/** | ||
@@ -11,0 +11,0 @@ * bn254 pairing-friendly curve. |
@@ -0,5 +1,5 @@ | ||
import { AffinePoint, Group } from './abstract/curve.js'; | ||
import { ExtPointType } from './abstract/edwards.js'; | ||
import { htfBasicOpts } from './abstract/hash-to-curve.js'; | ||
import { Hex } from './abstract/utils.js'; | ||
import { htfBasicOpts } from './abstract/hash-to-curve.js'; | ||
import { AffinePoint, Group } from './abstract/curve.js'; | ||
export declare const ED25519_TORSION_SUBGROUP: string[]; | ||
@@ -29,4 +29,4 @@ export declare const ed25519: import("./abstract/edwards.js").CurveFn; | ||
export declare function edwardsToMontgomeryPriv(edwardsPriv: Uint8Array): Uint8Array; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
type ExtendedPoint = ExtPointType; | ||
@@ -33,0 +33,0 @@ /** |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.hash_to_ristretto255 = exports.hashToRistretto255 = exports.RistrettoPoint = exports.encodeToCurve = exports.hashToCurve = exports.edwardsToMontgomeryPriv = exports.edwardsToMontgomery = exports.edwardsToMontgomeryPub = exports.x25519 = exports.ed25519ph = exports.ed25519ctx = exports.ed25519 = exports.ED25519_TORSION_SUBGROUP = void 0; | ||
exports.hash_to_ristretto255 = exports.hashToRistretto255 = exports.RistrettoPoint = exports.encodeToCurve = exports.hashToCurve = exports.edwardsToMontgomery = exports.x25519 = exports.ed25519ph = exports.ed25519ctx = exports.ed25519 = exports.ED25519_TORSION_SUBGROUP = void 0; | ||
exports.edwardsToMontgomeryPub = edwardsToMontgomeryPub; | ||
exports.edwardsToMontgomeryPriv = edwardsToMontgomeryPriv; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -8,6 +10,6 @@ const sha512_1 = require("@noble/hashes/sha512"); | ||
const edwards_js_1 = require("./abstract/edwards.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
const montgomery_js_1 = require("./abstract/montgomery.js"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
const utils_js_1 = require("./abstract/utils.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
/** | ||
@@ -21,8 +23,10 @@ * ed25519 Twisted Edwards curve with following addons: | ||
// √(-1) aka √(a) aka 2^((p-1)/4) | ||
const ED25519_SQRT_M1 = BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752'); | ||
const ED25519_SQRT_M1 = /* @__PURE__ */ BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752'); | ||
// prettier-ignore | ||
const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _5n = BigInt(5); | ||
const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3); | ||
// prettier-ignore | ||
const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80); | ||
const _5n = BigInt(5), _8n = BigInt(8); | ||
function ed25519_pow_2_252_3(x) { | ||
// prettier-ignore | ||
const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80); | ||
const P = ED25519_P; | ||
@@ -87,4 +91,4 @@ const x2 = (x * x) % P; | ||
]; | ||
const Fp = (0, modular_js_1.Field)(ED25519_P, undefined, true); | ||
const ed25519Defaults = { | ||
const Fp = /* @__PURE__ */ (() => (0, modular_js_1.Field)(ED25519_P, undefined, true))(); | ||
const ed25519Defaults = /* @__PURE__ */ (() => ({ | ||
// Param: a | ||
@@ -101,3 +105,3 @@ a: BigInt(-1), // Fp.create(-1) is proper; our way still works and is faster | ||
// Cofactor | ||
h: BigInt(8), | ||
h: _8n, | ||
// Base point (x, y) aka generator point | ||
@@ -113,4 +117,4 @@ Gx: BigInt('15112221349535400772501151409588531511454012693041857206046113283949847762202'), | ||
uvRatio, | ||
}; | ||
exports.ed25519 = (0, edwards_js_1.twistedEdwards)(ed25519Defaults); | ||
}))(); | ||
exports.ed25519 = (() => (0, edwards_js_1.twistedEdwards)(ed25519Defaults))(); | ||
function ed25519_domain(data, ctx, phflag) { | ||
@@ -121,11 +125,10 @@ if (ctx.length > 255) | ||
} | ||
exports.ed25519ctx = (0, edwards_js_1.twistedEdwards)({ | ||
exports.ed25519ctx = (() => (0, edwards_js_1.twistedEdwards)({ | ||
...ed25519Defaults, | ||
domain: ed25519_domain, | ||
}); | ||
exports.ed25519ph = (0, edwards_js_1.twistedEdwards)({ | ||
...ed25519Defaults, | ||
}))(); | ||
exports.ed25519ph = (() => (0, edwards_js_1.twistedEdwards)(Object.assign({}, ed25519Defaults, { | ||
domain: ed25519_domain, | ||
prehash: sha512_1.sha512, | ||
}); | ||
})))(); | ||
exports.x25519 = (() => (0, montgomery_js_1.montgomery)({ | ||
@@ -141,3 +144,3 @@ P: ED25519_P, | ||
const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x); | ||
return (0, modular_js_1.mod)((0, modular_js_1.pow2)(pow_p_5_8, BigInt(3), P) * b2, P); | ||
return (0, modular_js_1.mod)((0, modular_js_1.pow2)(pow_p_5_8, _3n, P) * b2, P); | ||
}, | ||
@@ -161,3 +164,2 @@ adjustScalarBytes, | ||
} | ||
exports.edwardsToMontgomeryPub = edwardsToMontgomeryPub; | ||
exports.edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated | ||
@@ -175,13 +177,12 @@ /** | ||
} | ||
exports.edwardsToMontgomeryPriv = edwardsToMontgomeryPriv; | ||
// Hash To Curve Elligator2 Map (NOTE: different from ristretto255 elligator) | ||
// NOTE: very important part is usage of FpSqrtEven for ELL2_C1_EDWARDS, since | ||
// SageMath returns different root first and everything falls apart | ||
const ELL2_C1 = (Fp.ORDER + BigInt(3)) / BigInt(8); // 1. c1 = (q + 3) / 8 # Integer arithmetic | ||
const ELL2_C2 = Fp.pow(_2n, ELL2_C1); // 2. c2 = 2^c1 | ||
const ELL2_C3 = Fp.sqrt(Fp.neg(Fp.ONE)); // 3. c3 = sqrt(-1) | ||
const ELL2_C4 = (Fp.ORDER - BigInt(5)) / BigInt(8); // 4. c4 = (q - 5) / 8 # Integer arithmetic | ||
const ELL2_J = BigInt(486662); | ||
const ELL2_C1 = /* @__PURE__ */ (() => (Fp.ORDER + _3n) / _8n)(); // 1. c1 = (q + 3) / 8 # Integer arithmetic | ||
const ELL2_C2 = /* @__PURE__ */ (() => Fp.pow(_2n, ELL2_C1))(); // 2. c2 = 2^c1 | ||
const ELL2_C3 = /* @__PURE__ */ (() => Fp.sqrt(Fp.neg(Fp.ONE)))(); // 3. c3 = sqrt(-1) | ||
// prettier-ignore | ||
function map_to_curve_elligator2_curve25519(u) { | ||
const ELL2_C4 = (Fp.ORDER - _5n) / _8n; // 4. c4 = (q - 5) / 8 # Integer arithmetic | ||
const ELL2_J = BigInt(486662); | ||
let tv1 = Fp.sqr(u); // 1. tv1 = u^2 | ||
@@ -227,3 +228,3 @@ tv1 = Fp.mul(tv1, _2n); // 2. tv1 = 2 * tv1 | ||
} | ||
const ELL2_C1_EDWARDS = (0, modular_js_1.FpSqrtEven)(Fp, Fp.neg(BigInt(486664))); // sgn0(c1) MUST equal 0 | ||
const ELL2_C1_EDWARDS = /* @__PURE__ */ (() => (0, modular_js_1.FpSqrtEven)(Fp, Fp.neg(BigInt(486664))))(); // sgn0(c1) MUST equal 0 | ||
function map_to_curve_elligator2_edwards25519(u) { | ||
@@ -264,12 +265,12 @@ const { xMn, xMd, yMn, yMd } = map_to_curve_elligator2_curve25519(u); // 1. (xMn, xMd, yMn, yMd) = | ||
// √(ad - 1) | ||
const SQRT_AD_MINUS_ONE = BigInt('25063068953384623474111414158702152701244531502492656460079210482610430750235'); | ||
const SQRT_AD_MINUS_ONE = /* @__PURE__ */ BigInt('25063068953384623474111414158702152701244531502492656460079210482610430750235'); | ||
// 1 / √(a-d) | ||
const INVSQRT_A_MINUS_D = BigInt('54469307008909316920995813868745141605393597292927456921205312896311721017578'); | ||
const INVSQRT_A_MINUS_D = /* @__PURE__ */ BigInt('54469307008909316920995813868745141605393597292927456921205312896311721017578'); | ||
// 1-d² | ||
const ONE_MINUS_D_SQ = BigInt('1159843021668779879193775521855586647937357759715417654439879720876111806838'); | ||
const ONE_MINUS_D_SQ = /* @__PURE__ */ BigInt('1159843021668779879193775521855586647937357759715417654439879720876111806838'); | ||
// (d-1)² | ||
const D_MINUS_ONE_SQ = BigInt('40440834346308536858101042469323190826248399146238708352240133220865137265952'); | ||
const D_MINUS_ONE_SQ = /* @__PURE__ */ BigInt('40440834346308536858101042469323190826248399146238708352240133220865137265952'); | ||
// Calculates 1/√(number) | ||
const invertSqrt = (number) => uvRatio(_1n, number); | ||
const MAX_255B = BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); | ||
const MAX_255B = /* @__PURE__ */ BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); | ||
const bytes255ToNumberLE = (bytes) => exports.ed25519.CURVE.Fp.create((0, utils_js_1.bytesToNumberLE)(bytes) & MAX_255B); | ||
@@ -310,2 +311,5 @@ // Computes Elligator map for Ristretto | ||
class RistPoint { | ||
ep; | ||
static BASE; | ||
static ZERO; | ||
// Private property to discourage combining ExtendedPoint + RistrettoPoint | ||
@@ -312,0 +316,0 @@ // Always use Ristretto encoding/decoding instead. |
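Review bot: The `ep;`, `static BASE;` and `static ZERO;` declarations added to `RistPoint` (the class body continues outside the hunk) change the syntax level of the emitted package: ES2022 class fields, plus the static-field initializers and numeric separators elsewhere in this release, now require runtimes that parse those constructs, whereas the removed lines show 1.4.0 emitted plain assignments after the class. That is a consumer-visible change for a patch version and deserves a line in the release notes stating the minimum supported runtime. It also leaves `RistPoint` (and `DcfPoint` in ed448) inconsistent with the edwards and weierstrass `Point` classes in the `@@ -72,2 +72,8 @@` and `@@ -175,2 +175,7 @@` hunks below, which now initialize `BASE`/`ZERO` inside the class body while `RistPoint.BASE`/`ZERO` are declared uninitialized and presumably still assigned later; a short comment such as `// BASE/ZERO are assigned after the class: their constructor needs the full prototype` would explain the asymmetry if it is deliberate.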
@@ -0,5 +1,5 @@ | ||
import { AffinePoint, Group } from './abstract/curve.js'; | ||
import { ExtPointType } from './abstract/edwards.js'; | ||
import { htfBasicOpts } from './abstract/hash-to-curve.js'; | ||
import { Hex } from './abstract/utils.js'; | ||
import { AffinePoint, Group } from './abstract/curve.js'; | ||
export declare const ed448: import("./abstract/edwards.js").CurveFn; | ||
@@ -18,4 +18,4 @@ export declare const ed448ph: import("./abstract/edwards.js").CurveFn; | ||
export declare const edwardsToMontgomery: typeof edwardsToMontgomeryPub; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
type ExtendedPoint = ExtPointType; | ||
@@ -22,0 +22,0 @@ /** |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.hash_to_decaf448 = exports.hashToDecaf448 = exports.DecafPoint = exports.encodeToCurve = exports.hashToCurve = exports.edwardsToMontgomery = exports.edwardsToMontgomeryPub = exports.x448 = exports.ed448ph = exports.ed448 = void 0; | ||
exports.hash_to_decaf448 = exports.hashToDecaf448 = exports.DecafPoint = exports.encodeToCurve = exports.hashToCurve = exports.edwardsToMontgomery = exports.x448 = exports.ed448ph = exports.ed448 = void 0; | ||
exports.edwardsToMontgomeryPub = edwardsToMontgomeryPub; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
@@ -8,5 +9,5 @@ const sha3_1 = require("@noble/hashes/sha3"); | ||
const edwards_js_1 = require("./abstract/edwards.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
const montgomery_js_1 = require("./abstract/montgomery.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
const utils_js_1 = require("./abstract/utils.js"); | ||
@@ -139,3 +140,2 @@ /** | ||
} | ||
exports.edwardsToMontgomeryPub = edwardsToMontgomeryPub; | ||
exports.edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated | ||
@@ -278,2 +278,5 @@ // TODO: add edwardsToMontgomeryPriv, similar to ed25519 version | ||
class DcfPoint { | ||
ep; | ||
static BASE; | ||
static ZERO; | ||
// Private property to discourage combining ExtendedPoint + DecafPoint | ||
@@ -280,0 +283,0 @@ // Always use Decaf encoding/decoding instead. |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y² | ||
import { validateBasic, wNAF } from './curve.js'; | ||
import { mod } from './modular.js'; | ||
import * as ut from './utils.js'; | ||
import { ensureBytes } from './utils.js'; | ||
import { wNAF, validateBasic } from './curve.js'; | ||
// Be friendly to bad ECMAScript parsers by not using bigint literals | ||
@@ -72,2 +72,8 @@ // prettier-ignore | ||
class Point { | ||
ex; | ||
ey; | ||
ez; | ||
et; | ||
static BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy)); | ||
static ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0 | ||
constructor(ex, ey, ez, et) { | ||
@@ -105,2 +111,6 @@ this.ex = ex; | ||
} | ||
// We calculate precomputes for elliptic curve point multiplication | ||
// using windowed method. This specifies window size and | ||
// stores precomputed values. Usually only base point would be precomputed. | ||
_WINDOW_SIZE; | ||
// "Private method", don't use it directly | ||
@@ -326,4 +336,2 @@ _setWindowSize(windowSize) { | ||
} | ||
Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy)); | ||
Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0 | ||
const { BASE: G, ZERO: I } = Point; | ||
@@ -330,0 +338,0 @@ const wnaf = wNAF(Point, nByteLength * 8); |
import { mod } from './modular.js'; | ||
import { bytesToNumberBE, abytes, concatBytes, utf8ToBytes, validateObject } from './utils.js'; | ||
import { abytes, bytesToNumberBE, concatBytes, utf8ToBytes, validateObject } from './utils.js'; | ||
// Octet Stream to Integer. "spec" implementation of os2ip is 2.5x slower vs bytesToNumberBE. | ||
@@ -160,4 +160,15 @@ const os2ip = bytesToNumberBE; | ||
}, | ||
// Same as encodeToCurve, but without hash | ||
mapToCurve(scalars) { | ||
if (!Array.isArray(scalars)) | ||
throw new Error('mapToCurve: expected array of bigints'); | ||
for (const i of scalars) | ||
if (typeof i !== 'bigint') | ||
throw new Error(`mapToCurve: expected array of bigints, got ${i} in array`); | ||
const P = Point.fromAffine(mapToCurve(scalars)).clearCofactor(); | ||
P.assertValidity(); | ||
return P; | ||
}, | ||
}; | ||
} | ||
//# sourceMappingURL=hash-to-curve.js.map |
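Review bot: The new `mapToCurve(scalars)` method checks that every element is a bigint but not how many elements there are, so an array of the wrong length reaches the underlying `mapToCurve` callback (defined outside this hunk), which presumably reads a fixed number of field elements and would then see `undefined` or ignore extras. A check of `scalars.length` against the extension degree the hasher was constructed with (the `m` option) would fail fast with a clear message instead. The comment `// Same as encodeToCurve, but without hash` should also state the contract, e.g. `// Maps caller-supplied field elements straight to a point: no hashing; expects as many scalars as the field's extension degree`, since this is the first entry point that accepts raw scalars rather than a message. Note as well that the error message interpolates the offending value via `${i}`, so untrusted input of any size ends up verbatim in the exception text; `typeof i` would be enough for diagnosis.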
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Utilities for modular arithmetics and finite fields | ||
import { bitMask, numberToBytesBE, numberToBytesLE, bytesToNumberBE, bytesToNumberLE, ensureBytes, validateObject, } from './utils.js'; | ||
import { bitMask, bytesToNumberBE, bytesToNumberLE, ensureBytes, numberToBytesBE, numberToBytesLE, validateObject, } from './utils.js'; | ||
// prettier-ignore | ||
@@ -5,0 +5,0 @@ const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3); |
@@ -6,5 +6,5 @@ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// won't be included into their bundle. | ||
const _0n = BigInt(0); | ||
const _1n = BigInt(1); | ||
const _2n = BigInt(2); | ||
const _0n = /* @__PURE__ */ BigInt(0); | ||
const _1n = /* @__PURE__ */ BigInt(1); | ||
const _2n = /* @__PURE__ */ BigInt(2); | ||
export function isBytes(a) { | ||
@@ -11,0 +11,0 @@ return (a instanceof Uint8Array || |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Short Weierstrass curve. The formula is: y² = x³ + ax + b | ||
import { validateBasic, wNAF } from './curve.js'; | ||
import * as mod from './modular.js'; | ||
import * as ut from './utils.js'; | ||
import { ensureBytes } from './utils.js'; | ||
import { wNAF, validateBasic } from './curve.js'; | ||
function validatePointOpts(curve) { | ||
@@ -175,2 +175,7 @@ const opts = validateBasic(curve); | ||
class Point { | ||
px; | ||
py; | ||
pz; | ||
static BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE); | ||
static ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); | ||
constructor(px, py, pz) { | ||
@@ -230,2 +235,6 @@ this.px = px; | ||
} | ||
// We calculate precomputes for elliptic curve point multiplication | ||
// using windowed method. This specifies window size and | ||
// stores precomputed values. Usually only base point would be precomputed. | ||
_WINDOW_SIZE; | ||
// "Private method", don't use it directly | ||
@@ -512,4 +521,2 @@ _setWindowSize(windowSize) { | ||
} | ||
Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE); | ||
Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); | ||
const _bits = CURVE.nBitLength; | ||
@@ -615,2 +622,5 @@ const wnaf = wNAF(Point, CURVE.endo ? Math.ceil(_bits / 2) : _bits); | ||
class Signature { | ||
r; | ||
s; | ||
recovery; | ||
constructor(r, s, recovery) { | ||
@@ -617,0 +627,0 @@ this.r = r; |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// bls12-381 is pairing-friendly Barreto-Lynn-Scott elliptic curve construction allowing to: | ||
// - Construct zk-SNARKs at the 120-bit security | ||
// - Efficiently verify N aggregate signatures with 1 pairing and N ec additions: | ||
// the Boneh-Lynn-Shacham signature scheme is orders of magnitude more efficient than Schnorr | ||
// | ||
// ### Summary | ||
// 1. BLS Relies on Bilinear Pairing (expensive) | ||
// 2. Private Keys: 32 bytes | ||
// 3. Public Keys: 48 bytes: 381 bit affine x coordinate, encoded into 48 big-endian bytes. | ||
// 4. Signatures: 96 bytes: two 381 bit integers (affine x coordinate), encoded into two 48 big-endian byte arrays. | ||
// - The signature is a point on the G2 subgroup, which is defined over a finite field | ||
// with elements twice as big as the G1 curve (G2 is over Fp2 rather than Fp. Fp2 is analogous to the complex numbers). | ||
// 5. The 12 stands for the Embedding degree. | ||
// | ||
// ### Formulas | ||
// - `P = pk x G` - public keys | ||
// - `S = pk x H(m)` - signing | ||
// - `e(P, H(m)) == e(G, S)` - verification using pairings | ||
// - `e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))` - signature aggregation | ||
// | ||
// ### Compatibility and notes | ||
// 1. It is compatible with Algorand, Chia, Dfinity, Ethereum, Filecoin, ZEC | ||
// Filecoin uses little endian byte arrays for private keys - make sure to reverse byte order. | ||
// 2. Some projects use G2 for public keys and G1 for signatures. It's called "short signature" | ||
// 3. Curve security level is about 120 bits as per Barbulescu-Duquesne 2017 | ||
// https://hal.science/hal-01534101/file/main.pdf | ||
// 4. Compatible with specs: | ||
// [cfrg-pairing-friendly-curves-11](https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-11), | ||
// [cfrg-bls-signature-05](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05), | ||
// [RFC 9380](https://www.rfc-editor.org/rfc/rfc9380). | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
@@ -36,6 +6,38 @@ import { randomBytes } from '@noble/hashes/utils'; | ||
import * as mod from './abstract/modular.js'; | ||
import { concatBytes as concatB, ensureBytes, numberToBytesBE, bytesToNumberBE, bitLen, bitGet, bitMask, bytesToHex, } from './abstract/utils.js'; | ||
import { bitGet, bitLen, bitMask, bytesToHex, bytesToNumberBE, concatBytes as concatB, ensureBytes, numberToBytesBE, } from './abstract/utils.js'; | ||
// Types | ||
import { isogenyMap } from './abstract/hash-to-curve.js'; | ||
import { mapToCurveSimpleSWU, } from './abstract/weierstrass.js'; | ||
import { isogenyMap } from './abstract/hash-to-curve.js'; | ||
/* | ||
bls12-381 is pairing-friendly Barreto-Lynn-Scott elliptic curve construction allowing to: | ||
- Construct zk-SNARKs at the 120-bit security | ||
- Efficiently verify N aggregate signatures with 1 pairing and N ec additions: | ||
the Boneh-Lynn-Shacham signature scheme is orders of magnitude more efficient than Schnorr | ||
### Summary | ||
1. BLS Relies on Bilinear Pairing (expensive) | ||
2. Private Keys: 32 bytes | ||
3. Public Keys: 48 bytes: 381 bit affine x coordinate, encoded into 48 big-endian bytes. | ||
4. Signatures: 96 bytes: two 381 bit integers (affine x coordinate), encoded into two 48 big-endian byte arrays. | ||
- The signature is a point on the G2 subgroup, which is defined over a finite field | ||
with elements twice as big as the G1 curve (G2 is over Fp2 rather than Fp. Fp2 is analogous to the complex numbers). | ||
5. The 12 stands for the Embedding degree. | ||
### Formulas | ||
- `P = pk x G` - public keys | ||
- `S = pk x H(m)` - signing | ||
- `e(P, H(m)) == e(G, S)` - verification using pairings | ||
- `e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))` - signature aggregation | ||
### Compatibility and notes | ||
1. It is compatible with Algorand, Chia, Dfinity, Ethereum, Filecoin, ZEC | ||
Filecoin uses little endian byte arrays for private keys - make sure to reverse byte order. | ||
2. Some projects use G2 for public keys and G1 for signatures. It's called "short signature" | ||
3. Curve security level is about 120 bits as per Barbulescu-Duquesne 2017 | ||
https://hal.science/hal-01534101/file/main.pdf | ||
4. Compatible with specs: | ||
[cfrg-pairing-friendly-curves-11](https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-11), | ||
[cfrg-bls-signature-05](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05), | ||
[RFC 9380](https://www.rfc-editor.org/rfc/rfc9380). | ||
*/ | ||
// Be friendly to bad ECMAScript parsers by not using bigint literals | ||
@@ -862,18 +864,18 @@ // prettier-ignore | ||
bytes = bytes.slice(); | ||
const mask = bytes[0] & 224; | ||
const mask = bytes[0] & 0b1110_0000; | ||
const compressed = !!((mask >> 7) & 1); // compression bit (0b1000_0000) | ||
const infinity = !!((mask >> 6) & 1); // point at infinity bit (0b0100_0000) | ||
const sort = !!((mask >> 5) & 1); // sort bit (0b0010_0000) | ||
bytes[0] &= 31; // clear mask (zero first 3 bits) | ||
bytes[0] &= 0b0001_1111; // clear mask (zero first 3 bits) | ||
return { compressed, infinity, sort, value: bytes }; | ||
} | ||
function setMask(bytes, mask) { | ||
if (bytes[0] & 224) | ||
if (bytes[0] & 0b1110_0000) | ||
throw new Error('setMask: non-empty mask'); | ||
if (mask.compressed) | ||
bytes[0] |= 128; | ||
bytes[0] |= 0b1000_0000; | ||
if (mask.infinity) | ||
bytes[0] |= 64; | ||
bytes[0] |= 0b0100_0000; | ||
if (mask.sort) | ||
bytes[0] |= 32; | ||
bytes[0] |= 0b0010_0000; | ||
return bytes; | ||
@@ -1122,3 +1124,3 @@ } | ||
) { | ||
throw new Error('Invalid encoding flag: ' + (bytes[0] & 224)); | ||
throw new Error('Invalid encoding flag: ' + (bytes[0] & 0b1110_0000)); | ||
} | ||
@@ -1125,0 +1127,0 @@ const L = Fp.BYTES; |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { weierstrass } from './abstract/weierstrass.js'; | ||
import { getHash } from './_shortw_utils.js'; | ||
import { Field } from './abstract/modular.js'; | ||
import { weierstrass } from './abstract/weierstrass.js'; | ||
/** | ||
@@ -7,0 +7,0 @@ * bn254 pairing-friendly curve. |
@@ -5,6 +5,6 @@ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { twistedEdwards } from './abstract/edwards.js'; | ||
import { createHasher, expand_message_xmd } from './abstract/hash-to-curve.js'; | ||
import { Field, FpSqrtEven, isNegativeLE, mod, pow2 } from './abstract/modular.js'; | ||
import { montgomery } from './abstract/montgomery.js'; | ||
import { Field, FpSqrtEven, isNegativeLE, mod, pow2 } from './abstract/modular.js'; | ||
import { bytesToHex, bytesToNumberLE, ensureBytes, equalBytes, numberToBytesLE, } from './abstract/utils.js'; | ||
import { createHasher, expand_message_xmd } from './abstract/hash-to-curve.js'; | ||
/** | ||
@@ -18,8 +18,10 @@ * ed25519 Twisted Edwards curve with following addons: | ||
// √(-1) aka √(a) aka 2^((p-1)/4) | ||
const ED25519_SQRT_M1 = BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752'); | ||
const ED25519_SQRT_M1 = /* @__PURE__ */ BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752'); | ||
// prettier-ignore | ||
const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _5n = BigInt(5); | ||
const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3); | ||
// prettier-ignore | ||
const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80); | ||
const _5n = BigInt(5), _8n = BigInt(8); | ||
function ed25519_pow_2_252_3(x) { | ||
// prettier-ignore | ||
const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80); | ||
const P = ED25519_P; | ||
@@ -84,4 +86,4 @@ const x2 = (x * x) % P; | ||
]; | ||
const Fp = Field(ED25519_P, undefined, true); | ||
const ed25519Defaults = { | ||
const Fp = /* @__PURE__ */ (() => Field(ED25519_P, undefined, true))(); | ||
const ed25519Defaults = /* @__PURE__ */ (() => ({ | ||
// Param: a | ||
@@ -98,3 +100,3 @@ a: BigInt(-1), // Fp.create(-1) is proper; our way still works and is faster | ||
// Cofactor | ||
h: BigInt(8), | ||
h: _8n, | ||
// Base point (x, y) aka generator point | ||
@@ -110,4 +112,4 @@ Gx: BigInt('15112221349535400772501151409588531511454012693041857206046113283949847762202'), | ||
uvRatio, | ||
}; | ||
export const ed25519 = /* @__PURE__ */ twistedEdwards(ed25519Defaults); | ||
}))(); | ||
export const ed25519 = /* @__PURE__ */ (() => twistedEdwards(ed25519Defaults))(); | ||
function ed25519_domain(data, ctx, phflag) { | ||
@@ -118,11 +120,10 @@ if (ctx.length > 255) | ||
} | ||
export const ed25519ctx = /* @__PURE__ */ twistedEdwards({ | ||
export const ed25519ctx = /* @__PURE__ */ (() => twistedEdwards({ | ||
...ed25519Defaults, | ||
domain: ed25519_domain, | ||
}); | ||
export const ed25519ph = /* @__PURE__ */ twistedEdwards({ | ||
...ed25519Defaults, | ||
}))(); | ||
export const ed25519ph = /* @__PURE__ */ (() => twistedEdwards(Object.assign({}, ed25519Defaults, { | ||
domain: ed25519_domain, | ||
prehash: sha512, | ||
}); | ||
})))(); | ||
export const x25519 = /* @__PURE__ */ (() => montgomery({ | ||
@@ -138,3 +139,3 @@ P: ED25519_P, | ||
const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x); | ||
return mod(pow2(pow_p_5_8, BigInt(3), P) * b2, P); | ||
return mod(pow2(pow_p_5_8, _3n, P) * b2, P); | ||
}, | ||
@@ -173,9 +174,9 @@ adjustScalarBytes, | ||
// SageMath returns different root first and everything falls apart | ||
const ELL2_C1 = (Fp.ORDER + BigInt(3)) / BigInt(8); // 1. c1 = (q + 3) / 8 # Integer arithmetic | ||
const ELL2_C2 = Fp.pow(_2n, ELL2_C1); // 2. c2 = 2^c1 | ||
const ELL2_C3 = Fp.sqrt(Fp.neg(Fp.ONE)); // 3. c3 = sqrt(-1) | ||
const ELL2_C4 = (Fp.ORDER - BigInt(5)) / BigInt(8); // 4. c4 = (q - 5) / 8 # Integer arithmetic | ||
const ELL2_J = BigInt(486662); | ||
const ELL2_C1 = /* @__PURE__ */ (() => (Fp.ORDER + _3n) / _8n)(); // 1. c1 = (q + 3) / 8 # Integer arithmetic | ||
const ELL2_C2 = /* @__PURE__ */ (() => Fp.pow(_2n, ELL2_C1))(); // 2. c2 = 2^c1 | ||
const ELL2_C3 = /* @__PURE__ */ (() => Fp.sqrt(Fp.neg(Fp.ONE)))(); // 3. c3 = sqrt(-1) | ||
// prettier-ignore | ||
function map_to_curve_elligator2_curve25519(u) { | ||
const ELL2_C4 = (Fp.ORDER - _5n) / _8n; // 4. c4 = (q - 5) / 8 # Integer arithmetic | ||
const ELL2_J = BigInt(486662); | ||
let tv1 = Fp.sqr(u); // 1. tv1 = u^2 | ||
@@ -221,3 +222,3 @@ tv1 = Fp.mul(tv1, _2n); // 2. tv1 = 2 * tv1 | ||
} | ||
const ELL2_C1_EDWARDS = FpSqrtEven(Fp, Fp.neg(BigInt(486664))); // sgn0(c1) MUST equal 0 | ||
const ELL2_C1_EDWARDS = /* @__PURE__ */ (() => FpSqrtEven(Fp, Fp.neg(BigInt(486664))))(); // sgn0(c1) MUST equal 0 | ||
function map_to_curve_elligator2_edwards25519(u) { | ||
@@ -258,12 +259,12 @@ const { xMn, xMd, yMn, yMd } = map_to_curve_elligator2_curve25519(u); // 1. (xMn, xMd, yMn, yMd) = | ||
// √(ad - 1) | ||
const SQRT_AD_MINUS_ONE = BigInt('25063068953384623474111414158702152701244531502492656460079210482610430750235'); | ||
const SQRT_AD_MINUS_ONE = /* @__PURE__ */ BigInt('25063068953384623474111414158702152701244531502492656460079210482610430750235'); | ||
// 1 / √(a-d) | ||
const INVSQRT_A_MINUS_D = BigInt('54469307008909316920995813868745141605393597292927456921205312896311721017578'); | ||
const INVSQRT_A_MINUS_D = /* @__PURE__ */ BigInt('54469307008909316920995813868745141605393597292927456921205312896311721017578'); | ||
// 1-d² | ||
const ONE_MINUS_D_SQ = BigInt('1159843021668779879193775521855586647937357759715417654439879720876111806838'); | ||
const ONE_MINUS_D_SQ = /* @__PURE__ */ BigInt('1159843021668779879193775521855586647937357759715417654439879720876111806838'); | ||
// (d-1)² | ||
const D_MINUS_ONE_SQ = BigInt('40440834346308536858101042469323190826248399146238708352240133220865137265952'); | ||
const D_MINUS_ONE_SQ = /* @__PURE__ */ BigInt('40440834346308536858101042469323190826248399146238708352240133220865137265952'); | ||
// Calculates 1/√(number) | ||
const invertSqrt = (number) => uvRatio(_1n, number); | ||
const MAX_255B = BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); | ||
const MAX_255B = /* @__PURE__ */ BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); | ||
const bytes255ToNumberLE = (bytes) => ed25519.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_255B); | ||
@@ -304,2 +305,5 @@ // Computes Elligator map for Ristretto | ||
class RistPoint { | ||
ep; | ||
static BASE; | ||
static ZERO; | ||
// Private property to discourage combining ExtendedPoint + RistrettoPoint | ||
@@ -306,0 +310,0 @@ // Always use Ristretto encoding/decoding instead. |
@@ -5,5 +5,5 @@ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { twistedEdwards } from './abstract/edwards.js'; | ||
import { mod, pow2, Field, isNegativeLE } from './abstract/modular.js'; | ||
import { createHasher, expand_message_xof } from './abstract/hash-to-curve.js'; | ||
import { Field, isNegativeLE, mod, pow2 } from './abstract/modular.js'; | ||
import { montgomery } from './abstract/montgomery.js'; | ||
import { createHasher, expand_message_xof } from './abstract/hash-to-curve.js'; | ||
import { bytesToHex, bytesToNumberLE, ensureBytes, equalBytes, numberToBytesLE, } from './abstract/utils.js'; | ||
@@ -273,2 +273,5 @@ /** | ||
class DcfPoint { | ||
ep; | ||
static BASE; | ||
static ZERO; | ||
// Private property to discourage combining ExtendedPoint + DecafPoint | ||
@@ -275,0 +278,0 @@ // Always use Decaf encoding/decoding instead. |
@@ -1,3 +0,3 @@ | ||
throw new Error('Incorrect usage. Import submodules instead'); | ||
throw new Error('root module cannot be imported: import submodules instead. Check out README'); | ||
export {}; | ||
//# sourceMappingURL=index.js.map |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { blake2s } from '@noble/hashes/blake2s'; | ||
import { sha512 } from '@noble/hashes/sha512'; | ||
import { concatBytes, randomBytes, utf8ToBytes } from '@noble/hashes/utils'; | ||
import { twistedEdwards } from './abstract/edwards.js'; | ||
import { blake2s } from '@noble/hashes/blake2s'; | ||
import { Field } from './abstract/modular.js'; | ||
@@ -7,0 +7,0 @@ /** |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
import { Field } from './abstract/modular.js'; | ||
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
// NIST secp256r1 aka p256 | ||
@@ -8,0 +8,0 @@ // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256 |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha384 } from '@noble/hashes/sha512'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha384 } from '@noble/hashes/sha512'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
import { Field } from './abstract/modular.js'; | ||
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
// NIST secp384r1 aka p384 | ||
@@ -8,0 +8,0 @@ // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384 |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha512 } from '@noble/hashes/sha512'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha512 } from '@noble/hashes/sha512'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
import { Field } from './abstract/modular.js'; | ||
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
// NIST secp521r1 aka p521 | ||
@@ -8,0 +8,0 @@ // Note that it's 521, which differs from 512 of its hash function. |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { getHash } from './_shortw_utils.js'; | ||
import { Field, mod } from './abstract/modular.js'; | ||
import { weierstrass } from './abstract/weierstrass.js'; | ||
import { getHash } from './_shortw_utils.js'; | ||
import * as mod from './abstract/modular.js'; | ||
export const p = BigInt('0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001'); | ||
@@ -12,5 +12,5 @@ export const q = BigInt('0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001'); | ||
b: BigInt(5), | ||
Fp: mod.Field(p), | ||
Fp: Field(p), | ||
n: q, | ||
Gx: mod.mod(BigInt(-1), p), | ||
Gx: mod(BigInt(-1), p), | ||
Gy: BigInt(2), | ||
@@ -24,5 +24,5 @@ h: BigInt(1), | ||
b: BigInt(5), | ||
Fp: mod.Field(q), | ||
Fp: Field(q), | ||
n: p, | ||
Gx: mod.mod(BigInt(-1), q), | ||
Gx: mod(BigInt(-1), q), | ||
Gy: BigInt(2), | ||
@@ -29,0 +29,0 @@ h: BigInt(1), |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { randomBytes } from '@noble/hashes/utils'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { createHasher, isogenyMap } from './abstract/hash-to-curve.js'; | ||
import { Field, mod, pow2 } from './abstract/modular.js'; | ||
import { bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE } from './abstract/utils.js'; | ||
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js'; | ||
import { bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE } from './abstract/utils.js'; | ||
import { createHasher, isogenyMap } from './abstract/hash-to-curve.js'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'); | ||
@@ -10,0 +10,0 @@ const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'); |
"use strict"; | ||
throw new Error('Incorrect usage. Import submodules instead'); | ||
throw new Error('root module cannot be imported: import submodules instead. Check out README'); | ||
//# sourceMappingURL=index.js.map |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.findGroupHash = exports.groupHash = exports.jubjub = void 0; | ||
exports.jubjub = void 0; | ||
exports.groupHash = groupHash; | ||
exports.findGroupHash = findGroupHash; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const blake2s_1 = require("@noble/hashes/blake2s"); | ||
const sha512_1 = require("@noble/hashes/sha512"); | ||
const utils_1 = require("@noble/hashes/utils"); | ||
const edwards_js_1 = require("./abstract/edwards.js"); | ||
const blake2s_1 = require("@noble/hashes/blake2s"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
@@ -46,3 +48,2 @@ /** | ||
} | ||
exports.groupHash = groupHash; | ||
function findGroupHash(m, personalization) { | ||
@@ -59,3 +60,2 @@ const tag = (0, utils_1.concatBytes)(m, new Uint8Array([0])); | ||
} | ||
exports.findGroupHash = findGroupHash; | ||
//# sourceMappingURL=jubjub.js.map |
export declare const p256: Readonly<{ | ||
create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
CURVE: ReturnType<(curve: import("./abstract/weierstrass.js").CurveType) => Readonly<{ | ||
readonly nBitLength: number; | ||
@@ -9,10 +9,10 @@ readonly nByteLength: number; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly b: bigint; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: { | ||
@@ -26,3 +26,3 @@ beta: bigint; | ||
}; | ||
} | undefined; | ||
}; | ||
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined; | ||
@@ -32,15 +32,15 @@ readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
lowS: boolean; | ||
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int?: (bytes: Uint8Array) => bigint; | ||
readonly bits2int_modN?: (bytes: Uint8Array) => bigint; | ||
readonly p: bigint; | ||
}>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
}>>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
verify: (signature: import("./abstract/utils.js").Hex | { | ||
r: bigint; | ||
s: bigint; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts) => boolean; | ||
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>; | ||
@@ -52,3 +52,3 @@ Signature: import("./abstract/weierstrass.js").SignatureConstructor; | ||
randomPrivateKey: () => Uint8Array; | ||
precompute: (windowSize?: number | undefined, point?: import("./abstract/weierstrass.js").ProjPointType<bigint> | undefined) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
precompute: (windowSize?: number, point?: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
}; | ||
@@ -58,3 +58,3 @@ }>; | ||
create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
CURVE: ReturnType<(curve: import("./abstract/weierstrass.js").CurveType) => Readonly<{ | ||
readonly nBitLength: number; | ||
@@ -65,10 +65,10 @@ readonly nByteLength: number; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly b: bigint; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: { | ||
@@ -82,3 +82,3 @@ beta: bigint; | ||
}; | ||
} | undefined; | ||
}; | ||
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined; | ||
@@ -88,15 +88,15 @@ readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
lowS: boolean; | ||
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int?: (bytes: Uint8Array) => bigint; | ||
readonly bits2int_modN?: (bytes: Uint8Array) => bigint; | ||
readonly p: bigint; | ||
}>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
}>>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
verify: (signature: import("./abstract/utils.js").Hex | { | ||
r: bigint; | ||
s: bigint; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts) => boolean; | ||
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>; | ||
@@ -108,7 +108,7 @@ Signature: import("./abstract/weierstrass.js").SignatureConstructor; | ||
randomPrivateKey: () => Uint8Array; | ||
precompute: (windowSize?: number | undefined, point?: import("./abstract/weierstrass.js").ProjPointType<bigint> | undefined) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
precompute: (windowSize?: number, point?: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
}; | ||
}>; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
//# sourceMappingURL=p256.d.ts.map |
@@ -5,7 +5,7 @@ "use strict"; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
const weierstrass_js_1 = require("./abstract/weierstrass.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
// NIST secp256r1 aka p256 | ||
@@ -12,0 +12,0 @@ // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256 |
export declare const p384: Readonly<{ | ||
create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
CURVE: ReturnType<(curve: import("./abstract/weierstrass.js").CurveType) => Readonly<{ | ||
readonly nBitLength: number; | ||
@@ -9,10 +9,10 @@ readonly nByteLength: number; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly b: bigint; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: { | ||
@@ -26,3 +26,3 @@ beta: bigint; | ||
}; | ||
} | undefined; | ||
}; | ||
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined; | ||
@@ -32,15 +32,15 @@ readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
lowS: boolean; | ||
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int?: (bytes: Uint8Array) => bigint; | ||
readonly bits2int_modN?: (bytes: Uint8Array) => bigint; | ||
readonly p: bigint; | ||
}>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
}>>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
verify: (signature: import("./abstract/utils.js").Hex | { | ||
r: bigint; | ||
s: bigint; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts) => boolean; | ||
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>; | ||
@@ -52,3 +52,3 @@ Signature: import("./abstract/weierstrass.js").SignatureConstructor; | ||
randomPrivateKey: () => Uint8Array; | ||
precompute: (windowSize?: number | undefined, point?: import("./abstract/weierstrass.js").ProjPointType<bigint> | undefined) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
precompute: (windowSize?: number, point?: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
}; | ||
@@ -58,3 +58,3 @@ }>; | ||
create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
CURVE: ReturnType<(curve: import("./abstract/weierstrass.js").CurveType) => Readonly<{ | ||
readonly nBitLength: number; | ||
@@ -65,10 +65,10 @@ readonly nByteLength: number; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly b: bigint; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: { | ||
@@ -82,3 +82,3 @@ beta: bigint; | ||
}; | ||
} | undefined; | ||
}; | ||
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined; | ||
@@ -88,15 +88,15 @@ readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
lowS: boolean; | ||
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int?: (bytes: Uint8Array) => bigint; | ||
readonly bits2int_modN?: (bytes: Uint8Array) => bigint; | ||
readonly p: bigint; | ||
}>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
}>>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
verify: (signature: import("./abstract/utils.js").Hex | { | ||
r: bigint; | ||
s: bigint; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts) => boolean; | ||
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>; | ||
@@ -108,7 +108,7 @@ Signature: import("./abstract/weierstrass.js").SignatureConstructor; | ||
randomPrivateKey: () => Uint8Array; | ||
precompute: (windowSize?: number | undefined, point?: import("./abstract/weierstrass.js").ProjPointType<bigint> | undefined) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
precompute: (windowSize?: number, point?: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
}; | ||
}>; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
//# sourceMappingURL=p384.d.ts.map |
@@ -5,7 +5,7 @@ "use strict"; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha512_1 = require("@noble/hashes/sha512"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const sha512_1 = require("@noble/hashes/sha512"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
const weierstrass_js_1 = require("./abstract/weierstrass.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
// NIST secp384r1 aka p384 | ||
@@ -12,0 +12,0 @@ // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384 |
export declare const p521: Readonly<{ | ||
create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
CURVE: ReturnType<(curve: import("./abstract/weierstrass.js").CurveType) => Readonly<{ | ||
readonly nBitLength: number; | ||
@@ -9,10 +9,10 @@ readonly nByteLength: number; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly b: bigint; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: { | ||
@@ -26,3 +26,3 @@ beta: bigint; | ||
}; | ||
} | undefined; | ||
}; | ||
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined; | ||
@@ -32,15 +32,15 @@ readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
lowS: boolean; | ||
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int?: (bytes: Uint8Array) => bigint; | ||
readonly bits2int_modN?: (bytes: Uint8Array) => bigint; | ||
readonly p: bigint; | ||
}>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
}>>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
verify: (signature: import("./abstract/utils.js").Hex | { | ||
r: bigint; | ||
s: bigint; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts) => boolean; | ||
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>; | ||
@@ -52,3 +52,3 @@ Signature: import("./abstract/weierstrass.js").SignatureConstructor; | ||
randomPrivateKey: () => Uint8Array; | ||
precompute: (windowSize?: number | undefined, point?: import("./abstract/weierstrass.js").ProjPointType<bigint> | undefined) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
precompute: (windowSize?: number, point?: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
}; | ||
@@ -58,3 +58,3 @@ }>; | ||
create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
CURVE: ReturnType<(curve: import("./abstract/weierstrass.js").CurveType) => Readonly<{ | ||
readonly nBitLength: number; | ||
@@ -65,10 +65,10 @@ readonly nByteLength: number; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly b: bigint; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: { | ||
@@ -82,3 +82,3 @@ beta: bigint; | ||
}; | ||
} | undefined; | ||
}; | ||
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => boolean) | undefined; | ||
@@ -88,15 +88,15 @@ readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>) | undefined; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
lowS: boolean; | ||
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int?: (bytes: Uint8Array) => bigint; | ||
readonly bits2int_modN?: (bytes: Uint8Array) => bigint; | ||
readonly p: bigint; | ||
}>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
}>>; | ||
getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean) => Uint8Array; | ||
getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/utils.js").Hex, isCompressed?: boolean) => Uint8Array; | ||
sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
verify: (signature: import("./abstract/utils.js").Hex | { | ||
r: bigint; | ||
s: bigint; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean; | ||
}, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/utils.js").Hex, opts?: import("./abstract/weierstrass.js").VerOpts) => boolean; | ||
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>; | ||
@@ -108,7 +108,7 @@ Signature: import("./abstract/weierstrass.js").SignatureConstructor; | ||
randomPrivateKey: () => Uint8Array; | ||
precompute: (windowSize?: number | undefined, point?: import("./abstract/weierstrass.js").ProjPointType<bigint> | undefined) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
precompute: (windowSize?: number, point?: import("./abstract/weierstrass.js").ProjPointType<bigint>) => import("./abstract/weierstrass.js").ProjPointType<bigint>; | ||
}; | ||
}>; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
//# sourceMappingURL=p521.d.ts.map |
@@ -5,7 +5,7 @@ "use strict"; | ||
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
const sha512_1 = require("@noble/hashes/sha512"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const sha512_1 = require("@noble/hashes/sha512"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
const weierstrass_js_1 = require("./abstract/weierstrass.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
// NIST secp521r1 aka p521 | ||
@@ -12,0 +12,0 @@ // Note that it's 521, which differs from 512 of its hash function. |
{ | ||
"name": "@noble/curves", | ||
"version": "1.4.0", | ||
"version": "1.4.1", | ||
"description": "Audited & minimal JS implementation of elliptic curve cryptography", | ||
@@ -34,7 +34,8 @@ "files": [ | ||
"devDependencies": { | ||
"@paulmillr/jsbt": "0.2.0", | ||
"fast-check": "3.0.0", | ||
"micro-bmark": "0.3.1", | ||
"micro-should": "0.4.0", | ||
"prettier": "3.1.1", | ||
"typescript": "5.3.2" | ||
"prettier": "3.3.2", | ||
"typescript": "5.5.2" | ||
}, | ||
@@ -45,110 +46,88 @@ "sideEffects": false, | ||
".": { | ||
"types": "./index.d.ts", | ||
"import": "./esm/index.js", | ||
"default": "./index.js" | ||
"require": "./index.js" | ||
}, | ||
"./abstract/edwards": { | ||
"types": "./abstract/edwards.d.ts", | ||
"import": "./esm/abstract/edwards.js", | ||
"default": "./abstract/edwards.js" | ||
"require": "./abstract/edwards.js" | ||
}, | ||
"./abstract/modular": { | ||
"types": "./abstract/modular.d.ts", | ||
"import": "./esm/abstract/modular.js", | ||
"default": "./abstract/modular.js" | ||
"require": "./abstract/modular.js" | ||
}, | ||
"./abstract/montgomery": { | ||
"types": "./abstract/montgomery.d.ts", | ||
"import": "./esm/abstract/montgomery.js", | ||
"default": "./abstract/montgomery.js" | ||
"require": "./abstract/montgomery.js" | ||
}, | ||
"./abstract/weierstrass": { | ||
"types": "./abstract/weierstrass.d.ts", | ||
"import": "./esm/abstract/weierstrass.js", | ||
"default": "./abstract/weierstrass.js" | ||
"require": "./abstract/weierstrass.js" | ||
}, | ||
"./abstract/bls": { | ||
"types": "./abstract/bls.d.ts", | ||
"import": "./esm/abstract/bls.js", | ||
"default": "./abstract/bls.js" | ||
"require": "./abstract/bls.js" | ||
}, | ||
"./abstract/hash-to-curve": { | ||
"types": "./abstract/hash-to-curve.d.ts", | ||
"import": "./esm/abstract/hash-to-curve.js", | ||
"default": "./abstract/hash-to-curve.js" | ||
"require": "./abstract/hash-to-curve.js" | ||
}, | ||
"./abstract/curve": { | ||
"types": "./abstract/curve.d.ts", | ||
"import": "./esm/abstract/curve.js", | ||
"default": "./abstract/curve.js" | ||
"require": "./abstract/curve.js" | ||
}, | ||
"./abstract/utils": { | ||
"types": "./abstract/utils.d.ts", | ||
"import": "./esm/abstract/utils.js", | ||
"default": "./abstract/utils.js" | ||
"require": "./abstract/utils.js" | ||
}, | ||
"./abstract/poseidon": { | ||
"types": "./abstract/poseidon.d.ts", | ||
"import": "./esm/abstract/poseidon.js", | ||
"default": "./abstract/poseidon.js" | ||
"require": "./abstract/poseidon.js" | ||
}, | ||
"./_shortw_utils": { | ||
"types": "./_shortw_utils.d.ts", | ||
"import": "./esm/_shortw_utils.js", | ||
"default": "./_shortw_utils.js" | ||
"require": "./_shortw_utils.js" | ||
}, | ||
"./bls12-381": { | ||
"types": "./bls12-381.d.ts", | ||
"import": "./esm/bls12-381.js", | ||
"default": "./bls12-381.js" | ||
"require": "./bls12-381.js" | ||
}, | ||
"./bn254": { | ||
"types": "./bn254.d.ts", | ||
"import": "./esm/bn254.js", | ||
"default": "./bn254.js" | ||
"require": "./bn254.js" | ||
}, | ||
"./ed25519": { | ||
"types": "./ed25519.d.ts", | ||
"import": "./esm/ed25519.js", | ||
"default": "./ed25519.js" | ||
"require": "./ed25519.js" | ||
}, | ||
"./ed448": { | ||
"types": "./ed448.d.ts", | ||
"import": "./esm/ed448.js", | ||
"default": "./ed448.js" | ||
"require": "./ed448.js" | ||
}, | ||
"./index": { | ||
"types": "./index.d.ts", | ||
"import": "./esm/index.js", | ||
"default": "./index.js" | ||
"require": "./index.js" | ||
}, | ||
"./jubjub": { | ||
"types": "./jubjub.d.ts", | ||
"import": "./esm/jubjub.js", | ||
"default": "./jubjub.js" | ||
"require": "./jubjub.js" | ||
}, | ||
"./p256": { | ||
"types": "./p256.d.ts", | ||
"import": "./esm/p256.js", | ||
"default": "./p256.js" | ||
"require": "./p256.js" | ||
}, | ||
"./p384": { | ||
"types": "./p384.d.ts", | ||
"import": "./esm/p384.js", | ||
"default": "./p384.js" | ||
"require": "./p384.js" | ||
}, | ||
"./p521": { | ||
"types": "./p521.d.ts", | ||
"import": "./esm/p521.js", | ||
"default": "./p521.js" | ||
"require": "./p521.js" | ||
}, | ||
"./pasta": { | ||
"types": "./pasta.d.ts", | ||
"import": "./esm/pasta.js", | ||
"default": "./pasta.js" | ||
"require": "./pasta.js" | ||
}, | ||
"./secp256k1": { | ||
"types": "./secp256k1.d.ts", | ||
"import": "./esm/secp256k1.js", | ||
"default": "./secp256k1.js" | ||
"require": "./secp256k1.js" | ||
} | ||
@@ -155,0 +134,0 @@ }, |
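Review bot: Every `exports` entry now has only `types`, `import` and `require` conditions; the `default` fallback that 1.4.0 shipped is gone from `.` and from each subpath. Resolvers that match neither `import` nor `require` (custom-condition-only bundler setups, or tooling that relies on `default` as the catch-all) will stop resolving the package, which is a breaking change under a patch bump (1.4.0 → 1.4.1). If the intent is only to name the CJS entry explicitly, keeping `"default": "./index.js"` as the last condition next to `"require"` in each entry preserves both behaviours; otherwise the change deserves a release-notes mention. The hunk header (`-45,110 +46,88`) indicates more lines were removed than are visible here, so the same question applies to entries outside this view.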
12
pasta.js
@@ -6,5 +6,5 @@ "use strict"; | ||
const sha256_1 = require("@noble/hashes/sha256"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
const weierstrass_js_1 = require("./abstract/weierstrass.js"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const mod = require("./abstract/modular.js"); | ||
exports.p = BigInt('0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001'); | ||
@@ -16,5 +16,5 @@ exports.q = BigInt('0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001'); | ||
b: BigInt(5), | ||
Fp: mod.Field(exports.p), | ||
Fp: (0, modular_js_1.Field)(exports.p), | ||
n: exports.q, | ||
Gx: mod.mod(BigInt(-1), exports.p), | ||
Gx: (0, modular_js_1.mod)(BigInt(-1), exports.p), | ||
Gy: BigInt(2), | ||
@@ -28,5 +28,5 @@ h: BigInt(1), | ||
b: BigInt(5), | ||
Fp: mod.Field(exports.q), | ||
Fp: (0, modular_js_1.Field)(exports.q), | ||
n: exports.p, | ||
Gx: mod.mod(BigInt(-1), exports.q), | ||
Gx: (0, modular_js_1.mod)(BigInt(-1), exports.q), | ||
Gy: BigInt(2), | ||
@@ -33,0 +33,0 @@ h: BigInt(1), |
@@ -5,6 +5,6 @@ # noble-curves | ||
- 🔒 [**Audited**](#security) by independent security firms | ||
- 🔻 Tree-shaking-friendly: use only what's necessary, other code won't be included | ||
- 🏎 Ultra-fast, hand-optimized for caveats of JS engines | ||
- 🔍 Unique tests ensure correctness: property-based, cross-library and Wycheproof vectors, fuzzing | ||
- 🔒 [**Audited**](#security) by an independent security firms | ||
- 🔻 Tree-shakeable: unused code is excluded from your builds | ||
- 🏎 Fast: hand-optimized for caveats of JS engines | ||
- 🔍 Reliable: property-based / cross-library / wycheproof tests and fuzzing ensure correctness | ||
- ➰ Short Weierstrass, Edwards, Montgomery curves | ||
@@ -14,3 +14,3 @@ - ✍️ ECDSA, EdDSA, Schnorr, BLS signature schemes, ECDH key agreement, hashing to curves | ||
- 🧜♂️ Poseidon ZK-friendly hash | ||
- 🪶 178KB for everything, 25KB for single-curve build | ||
- 🪶 178KB (87KB gzipped) for everything including bundled hashes, 22KB (10KB gzipped) for single-curve build | ||
@@ -151,3 +151,3 @@ For discussions, questions and support, visit | ||
[RFC8032](https://www.rfc-editor.org/rfc/rfc8032) / [FIPS 186-5](https://csrc.nist.gov/publications/detail/fips/186/5/final) | ||
and additionally provides non-repudiation with SBS [(Strongly Binding Signatures)](https://eprint.iacr.org/2020/1244). | ||
and additionally provides [non-repudiation with SBS](#edwards-twisted-edwards-curve). | ||
@@ -335,3 +335,5 @@ X25519 follows [RFC7748](https://www.rfc-editor.org/rfc/rfc7748). | ||
// example | ||
function sha256(message: Uint8Array) { return _internal_lowlvl(message) } | ||
function sha256(message: Uint8Array) { | ||
return _internal_lowlvl(message); | ||
} | ||
sha256.outputLen = 32; // 32 bytes of output for sha2-256 | ||
@@ -497,2 +499,8 @@ ``` | ||
We support [non-repudiation](https://eprint.iacr.org/2020/1244), which help in following scenarios: | ||
- Contract Signing: if A signed an agreement with B using key that allows repudiation, it can later claim that it signed a different contract | ||
- E-voting: malicious voters may pick keys that allow repudiation in order to deny results | ||
- Blockchains: transaction of amount X might also be valid for a different amount Y | ||
**Edwards points:** | ||
@@ -563,3 +571,3 @@ | ||
Gu: 9n, | ||
Fp: Field(2n ** 255n - 19n), | ||
P: 2n ** 255n - 19n, | ||
montgomeryBits: 255, | ||
@@ -623,3 +631,3 @@ nByteLength: 32, | ||
// Use custom DST, e.g. for Ethereum consensus layer | ||
const htfEthereum = {DST: 'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_'}; | ||
const htfEthereum = { DST: 'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_' }; | ||
const signatureEth = bls.sign(message, privateKey, htfEthereum); | ||
@@ -655,5 +663,5 @@ const isValidEth = bls.verify(signature, message, publicKey, htfEthereum); | ||
// Others | ||
bls.G1.ProjectivePoint.BASE, bls.G2.ProjectivePoint.BASE | ||
bls.fields.Fp, bls.fields.Fp2, bls.fields.Fp12, bls.fields.Fr | ||
bls.params.x, bls.params.r, bls.params.G1b, bls.params.G2b | ||
bls.G1.ProjectivePoint.BASE, bls.G2.ProjectivePoint.BASE; | ||
bls.fields.Fp, bls.fields.Fp2, bls.fields.Fp12, bls.fields.Fr; | ||
bls.params.x, bls.params.r, bls.params.G1b, bls.params.G2b; | ||
@@ -850,13 +858,13 @@ // hash-to-curve examples can be seen below | ||
* **Commits** are signed with PGP keys, to prevent forgery. Make sure to verify commit signatures. | ||
* **Releases** are transparent and built on GitHub CI. Make sure to verify [provenance](https://docs.npmjs.com/generating-provenance-statements) logs | ||
* **Rare releasing** is followed to ensure less re-audit need for end-users | ||
* **Dependencies** are minimized and locked-down: | ||
- If your app has 500 dependencies, any dep could get hacked and you'll be downloading | ||
malware with every install. We make sure to use as few dependencies as possible | ||
- We prevent automatic dependency updates by locking-down version ranges. Every update is checked with `npm-diff` | ||
- One dependency [noble-hashes](https://github.com/paulmillr/noble-hashes) is used, by the same author, to provide hashing functionality | ||
* **Dev Dependencies** are only used if you want to contribute to the repo. They are disabled for end-users: | ||
- scure-base, scure-bip32, scure-bip39, micro-bmark and micro-should are developed by the same author and follow identical security practices | ||
- prettier (linter), fast-check (property-based testing) and typescript are used for code quality, vector generation and ts compilation. The packages are big, which makes it hard to audit their source code thoroughly and fully | ||
- **Commits** are signed with PGP keys, to prevent forgery. Make sure to verify commit signatures. | ||
- **Releases** are transparent and built on GitHub CI. Make sure to verify [provenance](https://docs.npmjs.com/generating-provenance-statements) logs | ||
- **Rare releasing** is followed to ensure less re-audit need for end-users | ||
- **Dependencies** are minimized and locked-down: | ||
- If your app has 500 dependencies, any dep could get hacked and you'll be downloading | ||
malware with every install. We make sure to use as few dependencies as possible | ||
- We prevent automatic dependency updates by locking-down version ranges. Every update is checked with `npm-diff` | ||
- One dependency [noble-hashes](https://github.com/paulmillr/noble-hashes) is used, by the same author, to provide hashing functionality | ||
- **Dev Dependencies** are only used if you want to contribute to the repo. They are disabled for end-users: | ||
- scure-base, scure-bip32, scure-bip39, micro-bmark and micro-should are developed by the same author and follow identical security practices | ||
- prettier (linter), fast-check (property-based testing) and typescript are used for code quality, vector generation and ts compilation. The packages are big, which makes it hard to audit their source code thoroughly and fully | ||
@@ -863,0 +871,0 @@ ### Randomness |
import { mod } from './abstract/modular.js'; | ||
import { ProjPointType as PointType } from './abstract/weierstrass.js'; | ||
import type { Hex, PrivKey } from './abstract/utils.js'; | ||
import { bytesToNumberBE, numberToBytesBE } from './abstract/utils.js'; | ||
import { ProjPointType as PointType } from './abstract/weierstrass.js'; | ||
export declare const secp256k1: Readonly<{ | ||
create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn; | ||
CURVE: Readonly<{ | ||
CURVE: ReturnType<(curve: import("./abstract/weierstrass.js").CurveType) => Readonly<{ | ||
readonly nBitLength: number; | ||
@@ -13,10 +13,10 @@ readonly nByteLength: number; | ||
readonly h: bigint; | ||
readonly hEff?: bigint | undefined; | ||
readonly hEff?: bigint; | ||
readonly Gx: bigint; | ||
readonly Gy: bigint; | ||
readonly allowInfinityPoint?: boolean | undefined; | ||
readonly allowInfinityPoint?: boolean; | ||
readonly a: bigint; | ||
readonly b: bigint; | ||
readonly allowedPrivateKeyLengths?: readonly number[] | undefined; | ||
readonly wrapPrivateKey?: boolean | undefined; | ||
readonly allowedPrivateKeyLengths?: readonly number[]; | ||
readonly wrapPrivateKey?: boolean; | ||
readonly endo?: { | ||
@@ -30,3 +30,3 @@ beta: bigint; | ||
}; | ||
} | undefined; | ||
}; | ||
readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: PointType<bigint>) => boolean) | undefined; | ||
@@ -36,15 +36,15 @@ readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: PointType<bigint>) => PointType<bigint>) | undefined; | ||
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array; | ||
readonly randomBytes: (bytesLength?: number) => Uint8Array; | ||
lowS: boolean; | ||
readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined; | ||
readonly bits2int?: (bytes: Uint8Array) => bigint; | ||
readonly bits2int_modN?: (bytes: Uint8Array) => bigint; | ||
readonly p: bigint; | ||
}>; | ||
getPublicKey: (privateKey: PrivKey, isCompressed?: boolean | undefined) => Uint8Array; | ||
getSharedSecret: (privateA: PrivKey, publicB: Hex, isCompressed?: boolean | undefined) => Uint8Array; | ||
sign: (msgHash: Hex, privKey: PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
}>>; | ||
getPublicKey: (privateKey: PrivKey, isCompressed?: boolean) => Uint8Array; | ||
getSharedSecret: (privateA: PrivKey, publicB: Hex, isCompressed?: boolean) => Uint8Array; | ||
sign: (msgHash: Hex, privKey: PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts) => import("./abstract/weierstrass.js").RecoveredSignatureType; | ||
verify: (signature: Hex | { | ||
r: bigint; | ||
s: bigint; | ||
}, msgHash: Hex, publicKey: Hex, opts?: import("./abstract/weierstrass.js").VerOpts | undefined) => boolean; | ||
}, msgHash: Hex, publicKey: Hex, opts?: import("./abstract/weierstrass.js").VerOpts) => boolean; | ||
ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>; | ||
@@ -56,3 +56,3 @@ Signature: import("./abstract/weierstrass.js").SignatureConstructor; | ||
randomPrivateKey: () => Uint8Array; | ||
precompute: (windowSize?: number | undefined, point?: PointType<bigint> | undefined) => PointType<bigint>; | ||
precompute: (windowSize?: number, point?: PointType<bigint>) => PointType<bigint>; | ||
}; | ||
@@ -94,5 +94,5 @@ }>; | ||
}; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts | undefined) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const hashToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export declare const encodeToCurve: (msg: Uint8Array, options?: import("./abstract/hash-to-curve.js").htfBasicOpts) => import("./abstract/hash-to-curve.js").H2CPoint<bigint>; | ||
export {}; | ||
//# sourceMappingURL=secp256k1.d.ts.map |
@@ -7,7 +7,7 @@ "use strict"; | ||
const utils_1 = require("@noble/hashes/utils"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
const modular_js_1 = require("./abstract/modular.js"); | ||
const utils_js_1 = require("./abstract/utils.js"); | ||
const weierstrass_js_1 = require("./abstract/weierstrass.js"); | ||
const utils_js_1 = require("./abstract/utils.js"); | ||
const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js"); | ||
const _shortw_utils_js_1 = require("./_shortw_utils.js"); | ||
const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'); | ||
@@ -14,0 +14,0 @@ const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'); |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { hmac } from '@noble/hashes/hmac'; | ||
import { concatBytes, randomBytes } from '@noble/hashes/utils'; | ||
import { weierstrass, CurveType } from './abstract/weierstrass.js'; | ||
import { CHash } from './abstract/utils.js'; | ||
import { CurveType, weierstrass } from './abstract/weierstrass.js'; | ||
@@ -7,0 +7,0 @@ // connects noble-curves to noble-hashes |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
/** | ||
* BLS (Barreto-Lynn-Scott) family of pairing-friendly curves. | ||
* Implements BLS (Boneh-Lynn-Shacham) signatures. | ||
* Consists of two curves: G1 and G2: | ||
* - G1 is a subgroup of (x, y) E(Fq) over y² = x³ + 4. | ||
* - G2 is a subgroup of ((x₁, x₂+i), (y₁, y₂+i)) E(Fq²) over y² = x³ + 4(1 + i) where i is √-1 | ||
* - Gt, created by bilinear (ate) pairing e(G1, G2), consists of p-th roots of unity in | ||
* Fq^k where k is embedding degree. Only degree 12 is currently supported, 24 is not. | ||
* Pairing is used to aggregate and verify signatures. | ||
* We are using Fp for private keys (shorter) and Fp₂ for signatures (longer). | ||
* Some projects may prefer to swap this relation, it is not supported for now. | ||
*/ | ||
// BLS (Barreto-Lynn-Scott) family of pairing-friendly curves. | ||
import { AffinePoint } from './curve.js'; | ||
@@ -29,2 +18,15 @@ import { IField, getMinHashLength, mapHashToField } from './modular.js'; | ||
/** | ||
* BLS (Barreto-Lynn-Scott) family of pairing-friendly curves. | ||
* Implements BLS (Boneh-Lynn-Shacham) signatures. | ||
* Consists of two curves: G1 and G2: | ||
* - G1 is a subgroup of (x, y) E(Fq) over y² = x³ + 4. | ||
* - G2 is a subgroup of ((x₁, x₂+i), (y₁, y₂+i)) E(Fq²) over y² = x³ + 4(1 + i) where i is √-1 | ||
* - Gt, created by bilinear (ate) pairing e(G1, G2), consists of p-th roots of unity in | ||
* Fq^k where k is embedding degree. Only degree 12 is currently supported, 24 is not. | ||
* Pairing is used to aggregate and verify signatures. | ||
* We are using Fp for private keys (shorter) and Fp₂ for signatures (longer). | ||
* Some projects may prefer to swap this relation, it is not supported for now. | ||
**/ | ||
type Fp = bigint; // Can be different field? | ||
@@ -47,2 +49,15 @@ | ||
type Fp2Bls<Fp, Fp2> = IField<Fp2> & { | ||
reim: (num: Fp2) => { re: Fp; im: Fp }; | ||
multiplyByB: (num: Fp2) => Fp2; | ||
frobeniusMap(num: Fp2, power: number): Fp2; | ||
}; | ||
type Fp12Bls<Fp2, Fp12> = IField<Fp12> & { | ||
frobeniusMap(num: Fp12, power: number): Fp12; | ||
multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12; | ||
conjugate(num: Fp12): Fp12; | ||
finalExponentiate(num: Fp12): Fp12; | ||
}; | ||
export type CurveType<Fp, Fp2, Fp6, Fp12> = { | ||
@@ -62,14 +77,5 @@ G1: Omit<CurvePointsType<Fp>, 'n'> & { | ||
Fr: IField<bigint>; | ||
Fp2: IField<Fp2> & { | ||
reim: (num: Fp2) => { re: bigint; im: bigint }; | ||
multiplyByB: (num: Fp2) => Fp2; | ||
frobeniusMap(num: Fp2, power: number): Fp2; | ||
}; | ||
Fp2: Fp2Bls<Fp, Fp2>; | ||
Fp6: IField<Fp6>; | ||
Fp12: IField<Fp12> & { | ||
frobeniusMap(num: Fp12, power: number): Fp12; | ||
multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12; | ||
conjugate(num: Fp12): Fp12; | ||
finalExponentiate(num: Fp12): Fp12; | ||
}; | ||
Fp12: Fp12Bls<Fp2, Fp12>; | ||
}; | ||
@@ -140,5 +146,5 @@ params: { | ||
Fp: IField<Fp>; | ||
Fp2: IField<Fp2>; | ||
Fp2: Fp2Bls<Fp, Fp2>; | ||
Fp6: IField<Fp6>; | ||
Fp12: IField<Fp12>; | ||
Fp12: Fp12Bls<Fp2, Fp12>; | ||
Fr: IField<bigint>; | ||
@@ -145,0 +151,0 @@ }; |
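Review bot: The new `Fp2Bls<Fp, Fp2>` alias declares a type parameter named `Fp` that shadows the file-level `type Fp = bigint` on the very next lines, so `reim`'s `{ re: Fp; im: Fp }` now means "whatever the caller instantiates" rather than the `bigint` the inlined version spelled out; inside `CurveType<Fp, Fp2, Fp6, Fp12>` that resolves to the same parameter, but in the second hunk (`Fp2: Fp2Bls<Fp, Fp2>` under the `params:`/fields object, whose enclosing type starts outside the hunk) it is whichever `Fp` happens to be in scope there. Renaming the parameters of `Fp2Bls`/`Fp12Bls` to `TFp`/`TFp2`/`TFp12` makes the shadowing explicit and keeps the `bigint` alias readable. The relocated doc block also closes with `**/` where the rest of the file uses `*/`, and because it now sits directly above `type Fp = bigint`, JSDoc tooling will attach the curve overview to that alias; a blank line between them (or the original top-of-file position) avoids that.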
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y² | ||
import { AffinePoint, BasicCurve, Group, GroupConstructor, validateBasic, wNAF } from './curve.js'; | ||
import { mod } from './modular.js'; | ||
import * as ut from './utils.js'; | ||
import { ensureBytes, FHash, Hex } from './utils.js'; | ||
import { Group, GroupConstructor, wNAF, BasicCurve, validateBasic, AffinePoint } from './curve.js'; | ||
@@ -375,3 +375,4 @@ // Be friendly to bad ECMAScript parsers by not using bigint literals | ||
// RFC8032 prohibits >= p, but ZIP215 doesn't | ||
if (zip215) assertInRange(y, MASK); // zip215=true [1..P-1] (2^255-19-1 for ed25519) | ||
if (zip215) | ||
assertInRange(y, MASK); // zip215=true [1..P-1] (2^255-19-1 for ed25519) | ||
else assertInRange(y, Fp.ORDER); // zip215=false [1..MASK-1] (2^256-1 for ed25519) | ||
@@ -378,0 +379,0 @@ } |
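Review bot: The trailing comments on the reformatted `assertInRange` lines are swapped relative to the code: `assertInRange(y, MASK)` is annotated `[1..P-1] (2^255-19-1 for ed25519)` while `assertInRange(y, Fp.ORDER)` is annotated `[1..MASK-1] (2^256-1 for ed25519)`, yet `Fp.ORDER` is the field prime and, per the preceding line `RFC8032 prohibits >= p, but ZIP215 doesn't`, the zip215 branch is the wider one. The code reads correctly; the comments should be `// zip215=true: [1..MASK-1] (2^256-1 for ed25519)` on the `MASK` line and `// zip215=false: [1..P-1] (2^255-19-1 for ed25519)` on the `Fp.ORDER` line. Since prettier now splits the `if` so that a comment sits between the first branch and `else`, this is a good moment to correct them. The enclosing decode function starts and ends outside the hunk.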
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import type { Group, GroupConstructor, AffinePoint } from './curve.js'; | ||
import { mod, IField } from './modular.js'; | ||
import type { AffinePoint, Group, GroupConstructor } from './curve.js'; | ||
import { IField, mod } from './modular.js'; | ||
import type { CHash } from './utils.js'; | ||
import { bytesToNumberBE, abytes, concatBytes, utf8ToBytes, validateObject } from './utils.js'; | ||
import { abytes, bytesToNumberBE, concatBytes, utf8ToBytes, validateObject } from './utils.js'; | ||
@@ -220,3 +220,13 @@ /** | ||
}, | ||
// Same as encodeToCurve, but without hash | ||
mapToCurve(scalars: bigint[]) { | ||
if (!Array.isArray(scalars)) throw new Error('mapToCurve: expected array of bigints'); | ||
for (const i of scalars) | ||
if (typeof i !== 'bigint') | ||
throw new Error(`mapToCurve: expected array of bigints, got ${i} in array`); | ||
const P = Point.fromAffine(mapToCurve(scalars)).clearCofactor(); | ||
P.assertValidity(); | ||
return P; | ||
}, | ||
}; | ||
} |
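Review bot: The new `mapToCurve(scalars)` method checks that every element is a `bigint` but neither how many elements are supplied nor that they are valid field elements, so a wrong-length or out-of-range array presumably reaches the inner `mapToCurve` (declared outside the hunk) and fails as a destructuring error or an `assertValidity` throw instead of a clear message; an explicit arity check such as `if (scalars.length !== EXPECTED_COUNT) throw new Error('mapToCurve: expected ' + EXPECTED_COUNT + ' scalars');` (with the count the inner map actually consumes) and a range check against the field's `isValid`, if that field object is in scope here, would front-load the validation. The method shadows the outer `mapToCurve` it calls, which is legal but easy to misread; a local alias for the outer function would remove the ambiguity. Being a new public entry next to `hashToCurve`/`encodeToCurve`, it should also carry a TSDoc comment stating the contract, e.g. that the elements are interpreted as raw field elements, that no hashing or DST is applied, that the result is cofactor-cleared and validity-checked, and that the output is not uniformly distributed the way `hashToCurve` is. `for (const i of scalars)` uses an index-like name for an element; `scalar` or `s` reads better.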
@@ -5,7 +5,7 @@ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
bitMask, | ||
numberToBytesBE, | ||
numberToBytesLE, | ||
bytesToNumberBE, | ||
bytesToNumberLE, | ||
ensureBytes, | ||
numberToBytesBE, | ||
numberToBytesLE, | ||
validateObject, | ||
@@ -12,0 +12,0 @@ } from './utils.js'; |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Poseidon Hash: https://eprint.iacr.org/2019/458.pdf, https://www.poseidon-hash.info | ||
import { IField, FpPow, validateField } from './modular.js'; | ||
import { FpPow, IField, validateField } from './modular.js'; | ||
// We don't provide any constants, since different implementations use different constants. | ||
@@ -5,0 +5,0 @@ // For reference constants see './test/poseidon.test.js'. |
@@ -6,5 +6,5 @@ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// won't be included into their bundle. | ||
const _0n = BigInt(0); | ||
const _1n = BigInt(1); | ||
const _2n = BigInt(2); | ||
const _0n = /* @__PURE__ */ BigInt(0); | ||
const _1n = /* @__PURE__ */ BigInt(1); | ||
const _2n = /* @__PURE__ */ BigInt(2); | ||
export type Hex = Uint8Array | string; // hex strings are accepted for simplicity | ||
@@ -11,0 +11,0 @@ export type PrivKey = Hex | bigint; // bigints are accepted to ease learning curve |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// Short Weierstrass curve. The formula is: y² = x³ + ax + b | ||
import { AffinePoint, BasicCurve, Group, GroupConstructor, validateBasic, wNAF } from './curve.js'; | ||
import * as mod from './modular.js'; | ||
import * as ut from './utils.js'; | ||
import { CHash, Hex, PrivKey, ensureBytes } from './utils.js'; | ||
import { Group, GroupConstructor, wNAF, BasicCurve, validateBasic, AffinePoint } from './curve.js'; | ||
@@ -8,0 +8,0 @@ export type { AffinePoint }; |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
// bls12-381 is pairing-friendly Barreto-Lynn-Scott elliptic curve construction allowing to: | ||
// - Construct zk-SNARKs at the 120-bit security | ||
// - Efficiently verify N aggregate signatures with 1 pairing and N ec additions: | ||
// the Boneh-Lynn-Shacham signature scheme is orders of magnitude more efficient than Schnorr | ||
// | ||
// ### Summary | ||
// 1. BLS Relies on Bilinear Pairing (expensive) | ||
// 2. Private Keys: 32 bytes | ||
// 3. Public Keys: 48 bytes: 381 bit affine x coordinate, encoded into 48 big-endian bytes. | ||
// 4. Signatures: 96 bytes: two 381 bit integers (affine x coordinate), encoded into two 48 big-endian byte arrays. | ||
// - The signature is a point on the G2 subgroup, which is defined over a finite field | ||
// with elements twice as big as the G1 curve (G2 is over Fp2 rather than Fp. Fp2 is analogous to the complex numbers). | ||
// 5. The 12 stands for the Embedding degree. | ||
// | ||
// ### Formulas | ||
// - `P = pk x G` - public keys | ||
// - `S = pk x H(m)` - signing | ||
// - `e(P, H(m)) == e(G, S)` - verification using pairings | ||
// - `e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))` - signature aggregation | ||
// | ||
// ### Compatibility and notes | ||
// 1. It is compatible with Algorand, Chia, Dfinity, Ethereum, Filecoin, ZEC | ||
// Filecoin uses little endian byte arrays for private keys - make sure to reverse byte order. | ||
// 2. Some projects use G2 for public keys and G1 for signatures. It's called "short signature" | ||
// 3. Curve security level is about 120 bits as per Barbulescu-Duquesne 2017 | ||
// https://hal.science/hal-01534101/file/main.pdf | ||
// 4. Compatible with specs: | ||
// [cfrg-pairing-friendly-curves-11](https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-11), | ||
// [cfrg-bls-signature-05](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05), | ||
// [RFC 9380](https://www.rfc-editor.org/rfc/rfc9380). | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
@@ -38,21 +7,54 @@ import { randomBytes } from '@noble/hashes/utils'; | ||
import { | ||
bitGet, | ||
bitLen, | ||
bitMask, | ||
bytesToHex, | ||
bytesToNumberBE, | ||
concatBytes as concatB, | ||
ensureBytes, | ||
Hex, | ||
numberToBytesBE, | ||
bytesToNumberBE, | ||
bitLen, | ||
bitGet, | ||
Hex, | ||
bitMask, | ||
bytesToHex, | ||
} from './abstract/utils.js'; | ||
// Types | ||
import { isogenyMap } from './abstract/hash-to-curve.js'; | ||
import { | ||
AffinePoint, | ||
mapToCurveSimpleSWU, | ||
ProjConstructor, | ||
ProjPointType, | ||
ProjConstructor, | ||
mapToCurveSimpleSWU, | ||
AffinePoint, | ||
} from './abstract/weierstrass.js'; | ||
import { isogenyMap } from './abstract/hash-to-curve.js'; | ||
/* | ||
bls12-381 is pairing-friendly Barreto-Lynn-Scott elliptic curve construction allowing to: | ||
- Construct zk-SNARKs at the 120-bit security | ||
- Efficiently verify N aggregate signatures with 1 pairing and N ec additions: | ||
the Boneh-Lynn-Shacham signature scheme is orders of magnitude more efficient than Schnorr | ||
### Summary | ||
1. BLS Relies on Bilinear Pairing (expensive) | ||
2. Private Keys: 32 bytes | ||
3. Public Keys: 48 bytes: 381 bit affine x coordinate, encoded into 48 big-endian bytes. | ||
4. Signatures: 96 bytes: two 381 bit integers (affine x coordinate), encoded into two 48 big-endian byte arrays. | ||
- The signature is a point on the G2 subgroup, which is defined over a finite field | ||
with elements twice as big as the G1 curve (G2 is over Fp2 rather than Fp. Fp2 is analogous to the complex numbers). | ||
5. The 12 stands for the Embedding degree. | ||
### Formulas | ||
- `P = pk x G` - public keys | ||
- `S = pk x H(m)` - signing | ||
- `e(P, H(m)) == e(G, S)` - verification using pairings | ||
- `e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))` - signature aggregation | ||
### Compatibility and notes | ||
1. It is compatible with Algorand, Chia, Dfinity, Ethereum, Filecoin, ZEC | ||
Filecoin uses little endian byte arrays for private keys - make sure to reverse byte order. | ||
2. Some projects use G2 for public keys and G1 for signatures. It's called "short signature" | ||
3. Curve security level is about 120 bits as per Barbulescu-Duquesne 2017 | ||
https://hal.science/hal-01534101/file/main.pdf | ||
4. Compatible with specs: | ||
[cfrg-pairing-friendly-curves-11](https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-11), | ||
[cfrg-bls-signature-05](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05), | ||
[RFC 9380](https://www.rfc-editor.org/rfc/rfc9380). | ||
*/ | ||
// Be friendly to bad ECMAScript parsers by not using bigint literals | ||
@@ -507,5 +509,5 @@ // prettier-ignore | ||
type BigintTwelve = [ | ||
bigint, bigint, bigint, bigint, bigint, bigint, | ||
bigint, bigint, bigint, bigint, bigint, bigint | ||
]; | ||
bigint, bigint, bigint, bigint, bigint, bigint, | ||
bigint, bigint, bigint, bigint, bigint, bigint | ||
]; | ||
const Fp12Add = ({ c0, c1 }: Fp12, { c0: r0, c1: r1 }: Fp12) => ({ | ||
@@ -512,0 +514,0 @@ c0: Fp6.add(c0, r0), |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { weierstrass } from './abstract/weierstrass.js'; | ||
import { getHash } from './_shortw_utils.js'; | ||
import { Field } from './abstract/modular.js'; | ||
import { weierstrass } from './abstract/weierstrass.js'; | ||
/** | ||
@@ -7,0 +7,0 @@ * bn254 pairing-friendly curve. |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha512 } from '@noble/hashes/sha512'; | ||
import { concatBytes, randomBytes, utf8ToBytes } from '@noble/hashes/utils'; | ||
import { AffinePoint, Group } from './abstract/curve.js'; | ||
import { ExtPointType, twistedEdwards } from './abstract/edwards.js'; | ||
import { createHasher, expand_message_xmd, htfBasicOpts } from './abstract/hash-to-curve.js'; | ||
import { Field, FpSqrtEven, isNegativeLE, mod, pow2 } from './abstract/modular.js'; | ||
import { montgomery } from './abstract/montgomery.js'; | ||
import { Field, FpSqrtEven, isNegativeLE, mod, pow2 } from './abstract/modular.js'; | ||
import { | ||
@@ -15,4 +17,2 @@ bytesToHex, | ||
} from './abstract/utils.js'; | ||
import { createHasher, htfBasicOpts, expand_message_xmd } from './abstract/hash-to-curve.js'; | ||
import { AffinePoint, Group } from './abstract/curve.js'; | ||
@@ -30,3 +30,3 @@ /** | ||
// √(-1) aka √(a) aka 2^((p-1)/4) | ||
const ED25519_SQRT_M1 = BigInt( | ||
const ED25519_SQRT_M1 = /* @__PURE__ */ BigInt( | ||
'19681161376707505956807079304988542015446066515923890162744021073123829784752' | ||
@@ -36,7 +36,9 @@ ); | ||
// prettier-ignore | ||
const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _5n = BigInt(5); | ||
const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3); | ||
// prettier-ignore | ||
const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80); | ||
const _5n = BigInt(5), _8n = BigInt(8); | ||
function ed25519_pow_2_252_3(x: bigint) { | ||
// prettier-ignore | ||
const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80); | ||
const P = ED25519_P; | ||
@@ -102,30 +104,31 @@ const x2 = (x * x) % P; | ||
const Fp = Field(ED25519_P, undefined, true); | ||
const Fp = /* @__PURE__ */ (() => Field(ED25519_P, undefined, true))(); | ||
const ed25519Defaults = { | ||
// Param: a | ||
a: BigInt(-1), // Fp.create(-1) is proper; our way still works and is faster | ||
// d is equal to -121665/121666 over finite field. | ||
// Negative number is P - number, and division is invert(number, P) | ||
d: BigInt('37095705934669439343138083508754565189542113879843219016388785533085940283555'), | ||
// Finite field 𝔽p over which we'll do calculations; 2n**255n - 19n | ||
Fp, | ||
// Subgroup order: how many points curve has | ||
// 2n**252n + 27742317777372353535851937790883648493n; | ||
n: BigInt('7237005577332262213973186563042994240857116359379907606001950938285454250989'), | ||
// Cofactor | ||
h: BigInt(8), | ||
// Base point (x, y) aka generator point | ||
Gx: BigInt('15112221349535400772501151409588531511454012693041857206046113283949847762202'), | ||
Gy: BigInt('46316835694926478169428394003475163141307993866256225615783033603165251855960'), | ||
hash: sha512, | ||
randomBytes, | ||
adjustScalarBytes, | ||
// dom2 | ||
// Ratio of u to v. Allows us to combine inversion and square root. Uses algo from RFC8032 5.1.3. | ||
// Constant-time, u/√v | ||
uvRatio, | ||
} as const; | ||
const ed25519Defaults = /* @__PURE__ */ (() => | ||
({ | ||
// Param: a | ||
a: BigInt(-1), // Fp.create(-1) is proper; our way still works and is faster | ||
// d is equal to -121665/121666 over finite field. | ||
// Negative number is P - number, and division is invert(number, P) | ||
d: BigInt('37095705934669439343138083508754565189542113879843219016388785533085940283555'), | ||
// Finite field 𝔽p over which we'll do calculations; 2n**255n - 19n | ||
Fp, | ||
// Subgroup order: how many points curve has | ||
// 2n**252n + 27742317777372353535851937790883648493n; | ||
n: BigInt('7237005577332262213973186563042994240857116359379907606001950938285454250989'), | ||
// Cofactor | ||
h: _8n, | ||
// Base point (x, y) aka generator point | ||
Gx: BigInt('15112221349535400772501151409588531511454012693041857206046113283949847762202'), | ||
Gy: BigInt('46316835694926478169428394003475163141307993866256225615783033603165251855960'), | ||
hash: sha512, | ||
randomBytes, | ||
adjustScalarBytes, | ||
// dom2 | ||
// Ratio of u to v. Allows us to combine inversion and square root. Uses algo from RFC8032 5.1.3. | ||
// Constant-time, u/√v | ||
uvRatio, | ||
}) as const)(); | ||
export const ed25519 = /* @__PURE__ */ twistedEdwards(ed25519Defaults); | ||
export const ed25519 = /* @__PURE__ */ (() => twistedEdwards(ed25519Defaults))(); | ||
@@ -142,11 +145,14 @@ function ed25519_domain(data: Uint8Array, ctx: Uint8Array, phflag: boolean) { | ||
export const ed25519ctx = /* @__PURE__ */ twistedEdwards({ | ||
...ed25519Defaults, | ||
domain: ed25519_domain, | ||
}); | ||
export const ed25519ph = /* @__PURE__ */ twistedEdwards({ | ||
...ed25519Defaults, | ||
domain: ed25519_domain, | ||
prehash: sha512, | ||
}); | ||
export const ed25519ctx = /* @__PURE__ */ (() => | ||
twistedEdwards({ | ||
...ed25519Defaults, | ||
domain: ed25519_domain, | ||
}))(); | ||
export const ed25519ph = /* @__PURE__ */ (() => | ||
twistedEdwards( | ||
Object.assign({}, ed25519Defaults, { | ||
domain: ed25519_domain, | ||
prehash: sha512, | ||
}) | ||
))(); | ||
@@ -164,3 +170,3 @@ export const x25519 = /* @__PURE__ */ (() => | ||
const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x); | ||
return mod(pow2(pow_p_5_8, BigInt(3), P) * b2, P); | ||
return mod(pow2(pow_p_5_8, _3n, P) * b2, P); | ||
}, | ||
@@ -203,23 +209,23 @@ adjustScalarBytes, | ||
const ELL2_C1 = (Fp.ORDER + BigInt(3)) / BigInt(8); // 1. c1 = (q + 3) / 8 # Integer arithmetic | ||
const ELL2_C1 = /* @__PURE__ */ (() => (Fp.ORDER + _3n) / _8n)(); // 1. c1 = (q + 3) / 8 # Integer arithmetic | ||
const ELL2_C2 = /* @__PURE__ */ (() => Fp.pow(_2n, ELL2_C1))(); // 2. c2 = 2^c1 | ||
const ELL2_C3 = /* @__PURE__ */ (() => Fp.sqrt(Fp.neg(Fp.ONE)))(); // 3. c3 = sqrt(-1) | ||
const ELL2_C2 = Fp.pow(_2n, ELL2_C1); // 2. c2 = 2^c1 | ||
const ELL2_C3 = Fp.sqrt(Fp.neg(Fp.ONE)); // 3. c3 = sqrt(-1) | ||
const ELL2_C4 = (Fp.ORDER - BigInt(5)) / BigInt(8); // 4. c4 = (q - 5) / 8 # Integer arithmetic | ||
const ELL2_J = BigInt(486662); | ||
// prettier-ignore | ||
function map_to_curve_elligator2_curve25519(u: bigint) { | ||
let tv1 = Fp.sqr(u); // 1. tv1 = u^2 | ||
const ELL2_C4 = (Fp.ORDER - _5n) / _8n; // 4. c4 = (q - 5) / 8 # Integer arithmetic | ||
const ELL2_J = BigInt(486662); | ||
let tv1 = Fp.sqr(u); // 1. tv1 = u^2 | ||
tv1 = Fp.mul(tv1, _2n); // 2. tv1 = 2 * tv1 | ||
let xd = Fp.add(tv1, Fp.ONE); // 3. xd = tv1 + 1 # Nonzero: -1 is square (mod p), tv1 is not | ||
let x1n = Fp.neg(ELL2_J); // 4. x1n = -J # x1 = x1n / xd = -J / (1 + 2 * u^2) | ||
let tv2 = Fp.sqr(xd); // 5. tv2 = xd^2 | ||
let x1n = Fp.neg(ELL2_J); // 4. x1n = -J # x1 = x1n / xd = -J / (1 + 2 * u^2) | ||
let tv2 = Fp.sqr(xd); // 5. tv2 = xd^2 | ||
let gxd = Fp.mul(tv2, xd); // 6. gxd = tv2 * xd # gxd = xd^3 | ||
let gx1 = Fp.mul(tv1, ELL2_J); // 7. gx1 = J * tv1 # x1n + J * xd | ||
let gx1 = Fp.mul(tv1, ELL2_J);// 7. gx1 = J * tv1 # x1n + J * xd | ||
gx1 = Fp.mul(gx1, x1n); // 8. gx1 = gx1 * x1n # x1n^2 + J * x1n * xd | ||
gx1 = Fp.add(gx1, tv2); // 9. gx1 = gx1 + tv2 # x1n^2 + J * x1n * xd + xd^2 | ||
gx1 = Fp.mul(gx1, x1n); // 10. gx1 = gx1 * x1n # x1n^3 + J * x1n^2 * xd + x1n * xd^2 | ||
let tv3 = Fp.sqr(gxd); // 11. tv3 = gxd^2 | ||
tv2 = Fp.sqr(tv3); // 12. tv2 = tv3^2 # gxd^4 | ||
let tv3 = Fp.sqr(gxd); // 11. tv3 = gxd^2 | ||
tv2 = Fp.sqr(tv3); // 12. tv2 = tv3^2 # gxd^4 | ||
tv3 = Fp.mul(tv3, gxd); // 13. tv3 = tv3 * gxd # gxd^3 | ||
@@ -231,5 +237,5 @@ tv3 = Fp.mul(tv3, gx1); // 14. tv3 = tv3 * gx1 # gx1 * gxd^3 | ||
let y12 = Fp.mul(y11, ELL2_C3); // 18. y12 = y11 * c3 | ||
tv2 = Fp.sqr(y11); // 19. tv2 = y11^2 | ||
tv2 = Fp.sqr(y11); // 19. tv2 = y11^2 | ||
tv2 = Fp.mul(tv2, gxd); // 20. tv2 = tv2 * gxd | ||
let e1 = Fp.eql(tv2, gx1); // 21. e1 = tv2 == gx1 | ||
let e1 = Fp.eql(tv2, gx1); // 21. e1 = tv2 == gx1 | ||
let y1 = Fp.cmov(y12, y11, e1); // 22. y1 = CMOV(y12, y11, e1) # If g(x1) is square, this is its sqrt | ||
@@ -241,9 +247,9 @@ let x2n = Fp.mul(x1n, tv1); // 23. x2n = x1n * tv1 # x2 = x2n / xd = 2 * u^2 * x1n / xd | ||
let gx2 = Fp.mul(gx1, tv1); // 27. gx2 = gx1 * tv1 # g(x2) = gx2 / gxd = 2 * u^2 * g(x1) | ||
tv2 = Fp.sqr(y21); // 28. tv2 = y21^2 | ||
tv2 = Fp.sqr(y21); // 28. tv2 = y21^2 | ||
tv2 = Fp.mul(tv2, gxd); // 29. tv2 = tv2 * gxd | ||
let e2 = Fp.eql(tv2, gx2); // 30. e2 = tv2 == gx2 | ||
let e2 = Fp.eql(tv2, gx2); // 30. e2 = tv2 == gx2 | ||
let y2 = Fp.cmov(y22, y21, e2); // 31. y2 = CMOV(y22, y21, e2) # If g(x2) is square, this is its sqrt | ||
tv2 = Fp.sqr(y1); // 32. tv2 = y1^2 | ||
tv2 = Fp.sqr(y1); // 32. tv2 = y1^2 | ||
tv2 = Fp.mul(tv2, gxd); // 33. tv2 = tv2 * gxd | ||
let e3 = Fp.eql(tv2, gx1); // 34. e3 = tv2 == gx1 | ||
let e3 = Fp.eql(tv2, gx1); // 34. e3 = tv2 == gx1 | ||
let xn = Fp.cmov(x2n, x1n, e3); // 35. xn = CMOV(x2n, x1n, e3) # If e3, x = x1, else x = x2 | ||
@@ -256,3 +262,3 @@ let y = Fp.cmov(y2, y1, e3); // 36. y = CMOV(y2, y1, e3) # If e3, y = y1, else y = y2 | ||
const ELL2_C1_EDWARDS = FpSqrtEven(Fp, Fp.neg(BigInt(486664))); // sgn0(c1) MUST equal 0 | ||
const ELL2_C1_EDWARDS = /* @__PURE__ */ (() => FpSqrtEven(Fp, Fp.neg(BigInt(486664))))(); // sgn0(c1) MUST equal 0 | ||
function map_to_curve_elligator2_edwards25519(u: bigint) { | ||
@@ -301,15 +307,15 @@ const { xMn, xMd, yMn, yMd } = map_to_curve_elligator2_curve25519(u); // 1. (xMn, xMd, yMn, yMd) = | ||
// √(ad - 1) | ||
const SQRT_AD_MINUS_ONE = BigInt( | ||
const SQRT_AD_MINUS_ONE = /* @__PURE__ */ BigInt( | ||
'25063068953384623474111414158702152701244531502492656460079210482610430750235' | ||
); | ||
// 1 / √(a-d) | ||
const INVSQRT_A_MINUS_D = BigInt( | ||
const INVSQRT_A_MINUS_D = /* @__PURE__ */ BigInt( | ||
'54469307008909316920995813868745141605393597292927456921205312896311721017578' | ||
); | ||
// 1-d² | ||
const ONE_MINUS_D_SQ = BigInt( | ||
const ONE_MINUS_D_SQ = /* @__PURE__ */ BigInt( | ||
'1159843021668779879193775521855586647937357759715417654439879720876111806838' | ||
); | ||
// (d-1)² | ||
const D_MINUS_ONE_SQ = BigInt( | ||
const D_MINUS_ONE_SQ = /* @__PURE__ */ BigInt( | ||
'40440834346308536858101042469323190826248399146238708352240133220865137265952' | ||
@@ -320,3 +326,5 @@ ); | ||
const MAX_255B = BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'); | ||
const MAX_255B = /* @__PURE__ */ BigInt( | ||
'0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' | ||
); | ||
const bytes255ToNumberLE = (bytes: Uint8Array) => | ||
@@ -323,0 +331,0 @@ ed25519.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_255B); |
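Review bot: ed25519ph, at the end of the `@@ -142,11 +145,14 @@` hunk, builds its options with `Object.assign({}, ed25519Defaults, { ... })` while ed25519ctx a few lines above keeps object spread, and nothing says why the two sibling exports differ. If Object.assign is deliberate (presumably so the `/* @__PURE__ */` IIFE stays free of a transpiled spread helper that bundlers would not treat as pure), a one-line comment such as `// Object.assign, not spread: keeps the @__PURE__ IIFE helper-free so bundlers can drop it` would stop the next reader from "fixing" it back; otherwise make both use the same form. In the `@@ -203,23 +209,23 @@` hunk, `ELL2_C4` and `ELL2_J` are the only module-level constants in this file left without the `/* @__PURE__ */` marker that `ELL2_C1`..`ELL2_C3` and the other BigInt constants gained, and `ELL2_C4` still reads `Fp.ORDER` at module load, so the omission looks accidental rather than intended. The `_10n`..`_80n` constants moved into `ed25519_pow_2_252_3` are now rebuilt on every call instead of once per module; that is cheap but worth a comment if intentional, and note that both that function and `map_to_curve_elligator2_curve25519` continue outside their hunks.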
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { shake256 } from '@noble/hashes/sha3'; | ||
import { concatBytes, randomBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils'; | ||
import { AffinePoint, Group } from './abstract/curve.js'; | ||
import { ExtPointType, twistedEdwards } from './abstract/edwards.js'; | ||
import { mod, pow2, Field, isNegativeLE } from './abstract/modular.js'; | ||
import { createHasher, expand_message_xof, htfBasicOpts } from './abstract/hash-to-curve.js'; | ||
import { Field, isNegativeLE, mod, pow2 } from './abstract/modular.js'; | ||
import { montgomery } from './abstract/montgomery.js'; | ||
import { createHasher, htfBasicOpts, expand_message_xof } from './abstract/hash-to-curve.js'; | ||
import { | ||
@@ -16,3 +17,2 @@ bytesToHex, | ||
} from './abstract/utils.js'; | ||
import { AffinePoint, Group } from './abstract/curve.js'; | ||
@@ -19,0 +19,0 @@ /** |
@@ -1,1 +0,1 @@ | ||
throw new Error('Incorrect usage. Import submodules instead'); | ||
throw new Error('root module cannot be imported: import submodules instead. Check out README'); |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { blake2s } from '@noble/hashes/blake2s'; | ||
import { sha512 } from '@noble/hashes/sha512'; | ||
import { concatBytes, randomBytes, utf8ToBytes } from '@noble/hashes/utils'; | ||
import { twistedEdwards } from './abstract/edwards.js'; | ||
import { blake2s } from '@noble/hashes/blake2s'; | ||
import { Field } from './abstract/modular.js'; | ||
@@ -7,0 +7,0 @@ |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
import { Field } from './abstract/modular.js'; | ||
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
@@ -8,0 +8,0 @@ // NIST secp256r1 aka p256 |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha384 } from '@noble/hashes/sha512'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha384 } from '@noble/hashes/sha512'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
import { Field } from './abstract/modular.js'; | ||
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
@@ -8,0 +8,0 @@ // NIST secp384r1 aka p384 |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha512 } from '@noble/hashes/sha512'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { sha512 } from '@noble/hashes/sha512'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
import { Field } from './abstract/modular.js'; | ||
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js'; | ||
import { createHasher } from './abstract/hash-to-curve.js'; | ||
@@ -8,0 +8,0 @@ // NIST secp521r1 aka p521 |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { getHash } from './_shortw_utils.js'; | ||
import { Field, mod } from './abstract/modular.js'; | ||
import { weierstrass } from './abstract/weierstrass.js'; | ||
import { getHash } from './_shortw_utils.js'; | ||
import * as mod from './abstract/modular.js'; | ||
@@ -14,5 +14,5 @@ export const p = BigInt('0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001'); | ||
b: BigInt(5), | ||
Fp: mod.Field(p), | ||
Fp: Field(p), | ||
n: q, | ||
Gx: mod.mod(BigInt(-1), p), | ||
Gx: mod(BigInt(-1), p), | ||
Gy: BigInt(2), | ||
@@ -26,5 +26,5 @@ h: BigInt(1), | ||
b: BigInt(5), | ||
Fp: mod.Field(q), | ||
Fp: Field(q), | ||
n: p, | ||
Gx: mod.mod(BigInt(-1), q), | ||
Gx: mod(BigInt(-1), q), | ||
Gy: BigInt(2), | ||
@@ -31,0 +31,0 @@ h: BigInt(1), |
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ | ||
import { sha256 } from '@noble/hashes/sha256'; | ||
import { randomBytes } from '@noble/hashes/utils'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { createHasher, isogenyMap } from './abstract/hash-to-curve.js'; | ||
import { Field, mod, pow2 } from './abstract/modular.js'; | ||
import { ProjPointType as PointType, mapToCurveSimpleSWU } from './abstract/weierstrass.js'; | ||
import type { Hex, PrivKey } from './abstract/utils.js'; | ||
import { bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE } from './abstract/utils.js'; | ||
import { createHasher, isogenyMap } from './abstract/hash-to-curve.js'; | ||
import { createCurve } from './_shortw_utils.js'; | ||
import { ProjPointType as PointType, mapToCurveSimpleSWU } from './abstract/weierstrass.js'; | ||
@@ -11,0 +11,0 @@ const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'); |